[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3532) test006-acls: warning: cannot assess the validity of the ACL scope within backend naming context

Pierangelo Masarati writes:
> Works as intended.  (...)  For instance,
> access to *
>     by * read
> can appear anywhere, but it's not quite good inside a
> backend because it also scopes outside.

I don't understand.  Can an ACL inside a database definition
sometimes be applied to data outside that database?  Or
maybe I should ask, data outside that database's suffix?

Please document the pitfalls of not including a DN in all of
a database's ACLs (or explain it and I'll document it:-).
I don't like to not understand what I'm fixing when I shut
up a warning, nor leaving a warning like that alone.