wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Assigning permissions to user roles - cannot untick child element permissions. #7453

Open krishnilak opened 4 years ago

krishnilak commented 4 years ago

Hi, in the management console, when we assign permissions to a user role, it does not allow unticking permissions within child elements until the parent elements are unticked. This makes the user do additional work to select permissions one by one.

ruwanta commented 4 years ago

The permission model is defined in the inclusive inheritance. There is only "allow", which inherits permission to all children. There is no plan to implement "deny" with "allow", as it will add a lot of performance overhead. Simple rule assignment is efficient at runtime. Yes, there is a bit of difficulty managing the permissions. However, we need to weigh performance over easiness in this permission assignment.
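
A sketch of the allow-only inheritance model discussed in this thread, added here as an illustration; it is not code from either commenter or from the WSO2 code base. The tree, the paths and the function names are constructed for the example. It shows the runtime check (a walk up the ancestors) and why "parent minus one child" has to be stored as explicit grants on every sibling.

```python
# Constructed permission tree (hypothetical paths, not WSO2's real tree).
TREE = {
    "/perm": ["/perm/users", "/perm/apps"],
    "/perm/users": ["/perm/users/view", "/perm/users/create",
                    "/perm/users/delete"],
    "/perm/apps": ["/perm/apps/view", "/perm/apps/edit"],
}


def ancestors(path):
    """Yield the path, then each parent: /a/b/c -> /a/b/c, /a/b, /a."""
    while path:
        yield path
        path = path.rsplit("/", 1)[0]


def is_authorized(grants, path):
    """Allow-only check: a grant on the node or on any ancestor permits it.

    Cost is bounded by the depth of the tree; there are no deny entries
    to look up or to order against the allows.
    """
    return any(p in grants for p in ancestors(path))


def revoke(grants, path):
    """Return the allow-only grant set equal to `grants` minus `path`.

    With no "deny", a covering ancestor grant cannot simply be narrowed:
    it is dropped and replaced by grants on every sibling met on the way
    down from that ancestor to `path`.
    """
    lineage = list(ancestors(path))              # path first, root last
    covering = [p for p in lineage if p in grants]
    # Drop grants on the path, on its ancestors, and anywhere below it.
    result = {g for g in grants
              if g not in lineage and not g.startswith(path + "/")}
    if covering:
        top = covering[-1]                       # highest granted ancestor
        chain = lineage[:lineage.index(top) + 1][::-1]   # top ... path
        for node, nxt in zip(chain, chain[1:]):
            result.update(c for c in TREE.get(node, []) if c != nxt)
    return result


if __name__ == "__main__":
    role = {"/perm"}                             # one tick at the root
    narrowed = revoke(role, "/perm/users/delete")
    print(sorted(narrowed))
    print(is_authorized(narrowed, "/perm/users/delete"))
```

One grant at the root becomes three grants after a single child is removed, which is the extra ticking the issue describes; the check itself stays a plain ancestor walk.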