ACL scenarios , looking for clarity
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
β09-04-2025 11:11 AM
table.none to itil , table.* iti_admin , table.priority admin.. so what fields itil.admin would able to access , if itil_admin contains itil role then what will be the case , also it parent and child role plays role in acl
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
β09-04-2025 11:36 AM
Hi @darshan-pra
1. table.none ACL
- This ACL applies to all users, even those without any roles.
- If table.none denies access, it can block access entirely, unless another ACL explicitly allows it.
- It's often used as a default deny rule.
2. table.* ACL with itil_admin role
- This ACL allows access to all fields in the table for users with the itil_admin role.
- If a user has itil_admin, they can access the table and its fields unless a more specific field-level ACL restricts access.
3. table.priority ACL with admin role
- This ACL restricts access to the priority field to users with the admin role.
- Even if a user has itil_admin, they wonβt be able to access the priority field unless they also have admin.
Role Inheritance: itil_admin contains itil
- If itil_admin includes itil as a child role:
- A user with itil_admin will also satisfy ACLs that require itil.
- But a user with only itil will not satisfy ACLs that require itil_admin.
This is called role hierarchy or role inheritance.
If you found this response helpful, please mark it as Helpful. If it fully answered your question, consider marking it as Correct. Doing so helps other users find accurate and useful information more easily.
