[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: grant / deny precedence indraft-ietf-ldapext-acl-model-04.txt
| To clarify, I think there are two different items for discussion:
|
| a) Default access: in the absence of any access control rules, what
| access is granted? I think the answer should be "none" since this is
| the safest default.
|
| b) Precedence of grant and deny: when a "grant" and a "deny" clause both
| apply, is access granted or denied? I think access should be denied,
| which is to say that "denies" win out over "grants."
I concur with Mark on both of them. Access should not be granted unless
explicitly permitted...
___
Anil Srivastava
iPlanet Messaging Server
Sun | Netscape Alliance