...

For a given user, resource and API name, the default permission is 'deny'. The decision is then evaluated as follows:

  • Find all groups the user belongs to.
  • Find all 'effective' policies the groups are associated with. Effective includes all policy associations in the DB and the dynamic 'Resource Owner' policy if the resource is owned by the user.
  • If any policy 'Allows' the API, grant permission to make this call.
  • Else, if any policy 'Denies' the API, deny permission to make this call.
  • Else, if no Allow or Deny entry is found for any policy for this API, deny the permission.
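The evaluation order above, as an added example that is not code from this page or from the project. The group names, policy names, API names and the contents of the 'Resource Owner' policy are constructed assumptions, and an in-memory dict stands in for the DB.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "Allow", "Deny"

@dataclass
class Policy:
    name: str
    entries: dict = field(default_factory=dict)  # API name -> ALLOW or DENY

@dataclass
class Resource:
    id: str
    owner: str

# Constructed sample data (hypothetical names, standing in for the DB).
GROUP_MEMBERS = {"admins": {"alice"}, "users": {"alice", "bob"}, "restricted": {"bob"}}
GROUP_POLICIES = {
    "admins": [Policy("vm-admin", {"destroyVM": ALLOW})],
    "users": [Policy("vm-read", {"listVMs": ALLOW})],
    "restricted": [Policy("no-destroy", {"destroyVM": DENY, "listVMs": DENY})],
}
# Assumption: the page does not say which APIs the dynamic owner policy covers.
RESOURCE_OWNER_POLICY = Policy("Resource Owner", {"destroyVM": ALLOW, "startVM": ALLOW})

def groups_of(user):
    """Step 1: every group the user belongs to."""
    return [g for g, members in GROUP_MEMBERS.items() if user in members]

def effective_policies(user, resource):
    """Step 2: stored group associations plus the dynamic owner policy."""
    policies = [p for g in groups_of(user) for p in GROUP_POLICIES.get(g, [])]
    if resource.owner == user:
        policies.append(RESOURCE_OWNER_POLICY)
    return policies

def is_permitted(user, resource, api):
    """Steps 3-5: any Allow grants, else any Deny denies, else default deny."""
    decisions = {p.entries.get(api) for p in effective_policies(user, resource)}
    if ALLOW in decisions:
        return True
    if DENY in decisions:
        return False
    return False  # no Allow or Deny entry in any policy for this API

if __name__ == "__main__":
    vm = Resource("vm-1", owner="bob")
    for user, api in [("alice", "destroyVM"), ("bob", "destroyVM"), ("bob", "stopVM")]:
        print(user, api, is_permitted(user, vm, api))
```

Because Allow is checked first, a Deny entry in one policy does not override an Allow from another effective policy, including the owner policy; the Deny step only decides requests that no policy allows.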

...