On the Permission resource definition, combining field define the rules of conflict resolution: deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
It currently have cardinality of 1..1, however it is possible for users to support multiple resolution in the list. For example, it is possible to support both deny-overrides and deny-unless-permit at the same time.
The ordered overrides may be technically difficult to support, what is the use case for ordered overrides? why is deny-override / permit-override not sufficient for access determination?
sherryyuan-gcp
commented
11 months ago
On the Permission resource definition, combining field define the rules of conflict resolution: deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
It currently have cardinality of 1..1, however it is possible for users to support multiple resolution in the list. For example, it is possible to support both deny-overrides and deny-unless-permit at the same time.
The ordered overrides may be technically difficult to support, what is the use case for ordered overrides? why is deny-override / permit-override not sufficient for access determination?