Determine Permissions for example 2.
User X is a member of group U3, U2, and U1.
User Y is a member of group U4, U2, and U1.
Target A is a member of group T4, T2, and T1.
Target B is a member of group T5, T2, and T1.
Using Higher priority permissions and the policy engine
process, there are parent and grandparent groups and multiple permissions links defined in the
group hierarchy. The following permissions are applied for each example session.
- Session with user X and target A
- The only permissions link considered for user X and target A is the one between U1 and T1. User X is not a member of U4. Therefore, user X can start a Chat session with target A but not a Monitor session.
- Session with user X and target B
- Only the link between U1 and T1 is considered as user X is not a member of U4 and target B is NOT a member of T4. Therefore, user X can start a Chat session with target A but not a Monitor session.
- Session with user Y and target A
- There are two permissions links to be considered this time: U1 to T1 and U4 to T4. Therefore,
user Y can start a Monitor session with target A but not a Chat session. The priority 1 value set in
the link between U4 to T4 overrides the priority 0 value set in the link between U1 and T1.
Priority 1 No overrides priority 0 Yes.
Priority 1 Yes overrides priority 0 No.
- Session with user Y and target B
- The only permissions link that is considered for these two entities is the one between U1 and T1. Target B is not a member of T4. Therefore, user Y can start a Chat session with target B but not a Monitor session.
Note: The same explanation applies if the priority values that are set in the U4⇔T4 link are set to
5. Priority 5 overrides priority 1. Priority 1 overrides 0.