policy://103_ShipmentReadassigned to it, to not have access to the
policy://103_ShipmentPricing, but the
Shipment/*rule will always allow it. I can manually add
denyon those fields in
103_ShipmentReadpolicy, but that will be error prone for the amount of fields I have. Is there a way to accomplish what I'm trying to do?
Hi, I'm using an ABAC and a RBAC role management system, I don't want to use an adapter but provide the user role to the enforcer instead.
Knowing that I have admin > manager > contributor. Is it a good practice to define role hiearchy like this:
g = underscore , underscore
g, admin, manager
g, manager, contributor
g, contributor, *