Open krishnilak opened 4 years ago
The permission model is defined in the inclusive inheritance. There is only "allow", which inherits permission to all children. There is no plan to implement "deny" with "allow", as it will add lot of performance overhead. Simple rule assignment is efficient at runtime. Yes, there is a bit of difficulty managing the permissions. However we need to weigh performance over easiness in this permission assignment.
Hi, In the management console, when we assign permissions to a user role, it does not allow untick permissions within child elements, until parent elements are unticked. This makes the user do additional work to select permissions one by one.