Check Access For Multiple Permission

Sep 11, 2013 at 12:49 PM
Hi,
I am having with a problem on the scenario like a user ( say USER A) is exist in multiple Roles.
Say Role A and Role B.
Now Role A: Read operation only
Role B: Read, Write, Delete, Update permission

Now I am confused , which operation will work for User A for Permission
If I did "Deny" Read operation on Role B for User A
and at the same time "Allow" Read operation for User A on Role A

Please suggest me how to tackle this conflict situation, Or is there any superiority over the Roles on NetSQLAzman.
Please suggest.
Sep 18, 2013 at 7:51 AM
Hello,
Deny permission is automatically propagated to all roles / tasks / operations children, but not to the fathers, it is not a matter of priority but rather of inheritance.
In addition, the Deny permission (like SQL Server), always wins on the "Allow" permission.

If you need a permit of type "Deny" but less strong then use the "Neutral" one.
Hope that help.

Regards,
Andrea.
Sep 18, 2013 at 3:04 PM

Hello Andrea,

Thanks for your reply, but I will be helpful if you provide me guidance on some particular case scenario, on which if you let me know about how NetSQLAzman resolve the below conflicts.

“Assume I define two groups, one group called Everyone, and the other called Restricted.

Members of the Everyone group have Read access to folder A, B and C.

Members of the Restricted group have Read access only to Folder A and C.

A user is a member of BOTH the Everyone group AND the Restricted group.

The user is trying to access folder B. How does NetSQLAzman resolve the authorization of the user to access folder B.

Is the user authorized to folder B because it is a Member of the Everyone Group, or is the user denied access because it is also a member of the Restricted group.

In our testing, we have found that which ever group the user was added to last, that rule will be applied by NetSQLAzman.

How does NetSQLAzman logically resolve such conflicts. If it does not, can you recommend a way for us to resolve such issues.

We think that the more restricted rule should apply, and in this case the user would not be permitted access to the B folder.”

Please advise. Thank you.

Regards

Abhijit Majumder

Sep 25, 2013 at 2:59 PM
?
Oct 7, 2013 at 10:45 AM
Now I am confused , which operation will work for User A for Permission
If I did "Deny" Read operation on Role B for User A
and at the same time "Allow" Read operation for User A on Role A