Versions Compared

...

  1. Find union of authorizations that specify access for the requesting user. This includes:
    1. authorizations that specify accessTo to the requested resource.
    2. authorizations that specify accessToClass of the requested resource type.
    3. If authorizations exist for user, go to step 6, else go to next step.
  2. Find union of authorizations that specify access for the requesting user's group. This includes:
    1. authorizations that specify accessTo to the requested resource.
    2. authorizations that specify accessToClass of the requested resource type.
    3. If authorizations exist for group, go to step 6, else go to next step.
  3. Find union of authorizations that specify access for the requesting user. This includes:
    1. authorizations that specify accessTo to the requested resource's ancestor.
    2. authorizations that specify accessToClass of the requested resource's ancestor type.
    3. If authorizations exist for user, go to step 6, else go to next step.
  4. Find union of authorizations that specify access for the requesting user's group. This includes:
    1. authorizations that specify accessTo to the requested resource's ancestor.
    2. authorizations that specify accessToClass of the requested resource's ancestor type.
    3. If authorizations exist for group, go to step 6, else go to next step.
  5. If no authorization exists for user or group:   Deny Allow Access.
  6. Use the most least permissive from the set of authorizations found.
    1. if the authorizations permit requested access mode: Grant access.
    2. if the authorizations do not permit requested access mode: Deny access.
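
The lookup order above as a runnable sketch. This is an added example, not code from the page or from any project; every class, function and parameter name is hypothetical. The text carries both "Deny" and "Allow" in step 5 and both "most" and "least" in step 6, so both are parameters here (`default_grant`, `combine`) with defaults chosen arbitrarily. Reading "most/least permissive" as the union/intersection of access modes and matching all ancestors in one pass are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Resource:
    path: str
    rtype: str
    parent: Optional["Resource"] = None

@dataclass(frozen=True)
class Authorization:
    agent: str                             # user name or group name
    modes: frozenset                       # access modes this authorization permits
    access_to: Optional[str] = None        # accessTo: a resource path
    access_to_class: Optional[str] = None  # accessToClass: a resource type

def _matching(auths, agents, targets):
    """Authorizations for any of `agents` that name one of `targets`."""
    paths = {t.path for t in targets}
    types = {t.rtype for t in targets}
    return [a for a in auths if a.agent in agents
            and (a.access_to in paths or a.access_to_class in types)]

def decide(auths, user, groups, resource, mode, combine="least", default_grant=False):
    ancestors, node = [], resource.parent
    while node is not None:
        ancestors.append(node)
        node = node.parent
    # Steps 1-4: the first step that finds anything wins; later steps are skipped.
    for agents, targets in (({user}, [resource]), (set(groups), [resource]),
                            ({user}, ancestors), (set(groups), ancestors)):
        found = _matching(auths, agents, targets)
        if found:
            break
    else:
        return default_grant  # step 5: nothing found for user or group
    # Step 6: combine the set found (assumed: union or intersection of modes).
    op = frozenset.union if combine == "most" else frozenset.intersection
    return mode in op(*(a.modes for a in found))

# Constructed sample data.
COLL = Resource("/coll", "Collection")
DOC = Resource("/coll/doc", "Document", COLL)
AUTHS = [
    Authorization("alice", frozenset({"read"}), access_to="/coll/doc"),
    Authorization("alice", frozenset({"read", "write"}), access_to_class="Document"),
    Authorization("editors", frozenset({"read", "write"}), access_to="/coll/doc"),
    Authorization("readers", frozenset({"read"}), access_to="/coll"),
]
```

With this data, alice's own authorizations match in step 1, so the `editors` group grant is never consulted; whether she may write then depends only on the `combine` setting.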

...