When evaluating authorization, sets of consolidation rules are used to determine access based on these factors:
The security role assigned. See Security Roles.
The permissions and restrictions defined. See Access Permissions.
Authorization priority rules. See Priority Rules.
Access is granted only if the consolidated rule is one of these values:
Grant All
Grant Group
Grant Single
For example, if two conditional access permissions are assigned to a user and both conditions satisfied during authorization evaluation, access is granted as follows:
Table 3. Consolidation Rule Example
Permission 1 | Permission 2 | Consolidated Result | Access Granted |
|---|---|---|---|
Grant All (5) V, E, D, C1, C2 | Deny All (6) D, C1 | V(5), E(5), D(5), C1(5), C2(5) | V, E, D, C1, C2 |
Grant All (5) V, E, D, C1, C2 | Deny Single (2) D, C1 | V(5), E(5), D(2), C1(2), C2(5) | V, E, C2 |
Grant All (5) V, E, D | Deny All (6) D, C1 | V(5), E(5), D(5), C1(6), C2(0) | V, E, D |
Grant All (5) V, E, D | Deny Single (2) D, C1 | V(5), E(5), D(2), C1(2), C2(0) | V, E |