Hey,
Let's say I want to allow creating custom roles with custom permissions on
scopes (to allow access to multiple resource types and actions). So per
role, I wanted to create a matching permission with the allowed scopes
(resource-type-foo-create/resource-type-bar-create/etc.) and policies
accordingly (role/client/user/group).
So if I have:
Role A
Allowed: foo-create, foo-read, bar-read
Role B
Allowed: foo-read, bar-read
Because they have conflicting scopes, foo-read always gets denied. So as I
see it, it can't be done this way. Maybe there should be a Decision Strategy
for permissions evaluation, like in a single permission with policies?
Thanks,
Or
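
The setup described in this message, as an added Python model that is not part of the original post and not any product's own code: each role gets one permission that lists its scopes and is gated by a role policy, and the votes of every permission covering a requested scope are combined either unanimously or affirmatively. The class, function and strategy names are assumptions made for illustration, and the user is assumed to hold only the roles passed in.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    name: str
    required_role: str   # the role policy attached to this permission
    scopes: frozenset    # scopes this permission covers


# Constructed from the two roles listed in the message.
PERMISSIONS = [
    Permission("role-a-permission", "Role A",
               frozenset({"foo-create", "foo-read", "bar-read"})),
    Permission("role-b-permission", "Role B",
               frozenset({"foo-read", "bar-read"})),
]


def evaluate(user_roles, scope, strategy, permissions=PERMISSIONS):
    """Return True if `scope` is granted to a user holding `user_roles`."""
    # Every permission that covers the scope casts one vote.
    votes = [p.required_role in user_roles
             for p in permissions if scope in p.scopes]
    if not votes:
        return False                  # nothing covers the scope: deny
    if strategy == "unanimous":
        return all(votes)             # one denying permission is enough to deny
    if strategy == "affirmative":
        return any(votes)             # one granting permission is enough to grant
    raise ValueError(f"unknown strategy: {strategy}")


def overlapping_scopes(permissions=PERMISSIONS):
    """Scopes covered by more than one permission, where votes can conflict."""
    counts = Counter(s for p in permissions for s in p.scopes)
    return sorted(s for s, n in counts.items() if n > 1)


if __name__ == "__main__":
    print("overlapping scopes:", overlapping_scopes())
    for roles in ({"Role A"}, {"Role B"}):
        for strategy in ("unanimous", "affirmative"):
            print(sorted(roles), strategy, "foo-read ->",
                  evaluate(roles, "foo-read", strategy))
```

Under the unanimous combination a holder of only Role B is denied foo-read because Role A's permission also covers that scope and votes to deny; under the affirmative combination the same request is granted while foo-create stays denied.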