15 11 2014
Difference Between Grant, Deny And Unspecified
When a user selected security model as custom, the user need to add permissions to all the users and user groups who needs to access the App. For setting permissions the user have to add the name of the user. Then user can see three options for setting an access say for read access the user can Grant the access or can deny the action or they can make the access unspecified. Let us go through these three options to understand the mode of access in detail.
1. Grant: If the user grants an access, then the user having that permission can get that access. For example, for an entity book the user have read access granted and update access denied, then the user can read the details of that book. But he cannot do any sort of updating. For a user while checking for access rights by the Secure First, it will check whether the read access is granted to the user at both the user level as well as user group level. If at any point read access is denied. Then read access will also denied even if it is granted at user level.
2. Deny: If the user got denied to an access at user level or user group level, then the user won’t get that access. If at any level the access is denied even if it is granted at the user group level.
3. Unspecified: This will act as a neutral component. Consider if a user have get read access to an entity. But the user group in which the user belong to don’t need this access. In this case at user group level the read access will be unspecified. So the users in this group won’t get this access but for this particular user at user level given read access as granted, so that the user will get the read access finally. If at user group the read access is denied then the user won’t get the read access further.