Determine permissions for example 4
User X is a member of group U3, U2, and U1.
User Y is a member of group U4, U2, and U1.
Target A is a member of group T4, T2, and T1.
Target B is a member of group T5, T2, and T1.
Using No overrides Yes when priority values are the same and the policy engine process, there are parent and grandparent groups, and there are multiple permissions links defined in the group hierarchy. The following permissions are applied for each example session.
- Session with user X and target A
- There are 2 permissions links to be considered for these two entities. The link between U2 and
T2 and the link between U1 and T1. Both links have priority 0 permissions set. U2 ⇔ T2 has Chat set
to priority 0 No and U1 ⇔ T1 has Chat set to priority 0 Yes. Therefore, user X cannot start a Chat
session or a Monitor session with target A. The priority 0 No for Chat in U2 to T2 overrides the
priority 0 Yes for Chat in U1 to T1. Note: The link between U4 and T4 is not considered as user X is NOT a member of group U4.
- Session with user X and target B
- Only the links between U2 and T2 and U1 and T1 are considered. User X is not a member of U4 and target B is not a member of T4. Therefore, user X cannot start a Chat session or a Monitor session with target B.
- Session with user Y and target A
- There are 3 permissions links to be considered. U1 to T1, U2 to T2, and U4 to T4. Therefore, user Y can start a Monitor session with target A. The priority 1 value set in the link between U4 to T4 override the priority 0 values set in the link between U1 and T1. A Chat session cannot be started because the priority 1 value No, set for Chat in the U4 to T4 link, overrides the priority 1 No in the U2 to T2 link and the priority 0 Yes in the U1 to T1 link.
- Session with user Y and target B
- There are 2 permission links considered for these two entities. U2 to T2, and U1 to T1.
Therefore, user Y cannot start a Chat session or a Monitor session with target B. The priority 0 No
value for Chat in the link between U2 to T2 overrides the priority 0 Yes value for Chat in the link
between U1 to T1. Note: The link between U4 and T4 is not considered as target B is not a member of group T4.
Note: The same explanation applies if the priority for Yes and No is both set to 1 or 5. No
overrides Yes when the priority values are the same.