Assume that access controls are set on, and that an item has the following access control rules (and that no other rules are set):
This means that administrative users can perform modify operations. (This implicitly means that they can also perform read permissions.)
This means all operations are denied.
This means that registered users can perform modify operations. (This implicitly means that they can also perform read permissions.)
For that item, within the scope of those rules, and for the users specified in those rules:
No access rule is specified, so public users have no access.
The registered users access level rule allows registered users to read and modify this item, but because the protected items access rule is a higher precedence, the DSA uses that rule (which is a denial) and ignores the registered users rule.
The administrative users access level rule allows read and modify operations, and this rule has a higher precedence than the protected items rule.
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |