Permission confilct for User

Avatar

Avatar

shwethar9638050

Avatar

shwethar9638050

shwethar9638050

07-11-2019

HI Team,

I have 2 Users group and 1 User X

Ex: User X belongs to both Group A and Group B

Group A has 3 folders M,N,O where M have allow access and N,O have deny access similarly

Group B has 3 folders M,N,O where O have allow access and M,N have deny access

Now if you check the X User Permission their is a conflict and none of the permissions get displayed

Permissions

Only for Read ---- All 3 folders permission will be deny, rest for Modify,create,read ACL,for all others it will be allowed

How to enable group membership to add user to multiple groups which have conflict in deny /allow rules.

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

Arun_Patidar

MVP

Total Posts

3.1K

Likes

1.2K

Correct Reply

883

Avatar

Arun_Patidar

MVP

Total Posts

3.1K

Likes

1.2K

Correct Reply

883
Arun_Patidar
MVP

07-11-2019

Access rights from multiple group principals are evaluated based on their order, both within the hierarchy and within a single access control list.

Answers (6)

Answers (6)

Avatar

Avatar

sunjot16

Employee

Avatar

sunjot16

Employee

sunjot16
Employee

14-11-2019

Thank you for sharing the steps. I was able to reproduce the issue.

Please log a daycare ticket.

Avatar

Avatar

shwethar9638050

Avatar

shwethar9638050

shwethar9638050

11-11-2019

1.) Created a user named "testpermissions" .

2.) Create two groups, a.) testauthorgroup (Read permissions to content, we-retail, ca & ch) - Assign allow (check) to /content node, /content/we-retail node, similarly for ca and ch

& b.) testdevelopergroup (Read permissions to content, we-retail, de & es).- Assign allow (check) to /content node, /content/we-retail node, similarly for de and es

3.) Assigned "testpermissions" user to those two groups.

4.) "testpermissions" does not have Read permissions to ca, ch, de & es.

Avatar

Avatar

sunjot16

Employee

Avatar

sunjot16

Employee

sunjot16
Employee

11-11-2019

I got confused with the previous update.

Could you please share the steps in detail to reproduce the issue?

Avatar

Avatar

shwethar9638050

Avatar

shwethar9638050

shwethar9638050

10-11-2019

HI

The way you tried is correct but if you give permission to /content/we-retail/ca then the issue appears

Try the same as above but give allow access to ca,we-retail,content similarly for others, then the issue exists

Avatar

Avatar

sunjot16

Employee

Avatar

sunjot16

Employee

sunjot16
Employee

08-11-2019

For Read permissions as per your scenario, try clearing browser cache, close all browser tabs, open a new tab (e.g. Mozilla Firefox) in Incognito Window, follow the steps that you did, and while assigning groups, keep on saving them one-by-one.

I wasn't able to reproduce the issue.

1.) Created a user named "testpermissions" .

2.) Create two groups, a.) testauthorgroup (Read permissions to ca & ch) & b.) testdevelopergroup (Read permissions to de & es).

3.) Assigned "testpermissions" user to those two groups.

4.) "testpermissions" has Read permissions to ca, ch, de & es.

testauthorgroup permissions:

1851556_pastedImage_3.png

testdevelopergroup permissions:

1851884_pastedImage_4.png

testpermissions user groups:1851554_pastedImage_0.png

testpermissions user's permissions:

1851555_pastedImage_1.png

In case of any deny/allow conflicts, as Arun​ mentioned:

"

Access rights from multiple group principals are evaluated based on their order, both within the hierarchy and within a single access control list.

"

Avatar

Avatar

shwethar9638050

Avatar

shwethar9638050

shwethar9638050

07-11-2019

Arun Patidar

Can you please brief on the solution you provided.

The below is the scenario to consider

Ex:

Authors Group have Read permission for ca and ch

1851767_pastedImage_0.png

User Shwetha is member of Authors group and Developers group as well

1851768_pastedImage_6.png

Similarly Developer group have allow Read permission for de and es

1851769_pastedImage_7.png

Now there occurs a conflict none of the permissions is allowed for User Shwetha due to conflict

1851770_pastedImage_9.png

Now how to resolve the conflict occured for the User shwetha in order to maintain the group permission

How to enable group membership to add user to multiple groups which have conflict in deny /allow rules.