Language Archiving Technology

3.1. Basic principles

Before creating or editing rules, we will take a closer look at the principles behind the access policies in AMS. This is quite important given the potential for confusion if there is more than one rule that applies to a certain domain. There are two situations that are potentially confusing:

  1. Let's say that node A has a rule allowing user X to read annotation files. That means that user X is allowed to read all annotation files in the domain of node A (i.e. annotation3 in Figure 3.1). Now say that one of the ancestors of node A, node B, has a rule denying user X read access to annotation files. That means that user X is not allowed to read any annotation file in the domain of node B. Since the domain of node A is in fact part of the domain of node B, the rules of the two nodes are in conflict.

    Figure 3.1. 


  2. Let's say a node has two rules (see Figure 3.2). One rule allows user X to read annotation files. The other rule denies group G read access to annotation files. Consider user X to be a member of group G. That means that both rules concern user X, one allowing and the other denying user X read access to annotation files. Again, the two rules are in conflict.

    Figure 3.2. 


Only rules that apply to the same resource type (annotations in the examples above) can conflict. If two rules do not apply to the same resource type they cannot conflict.

The fact that rules may conflict raises the question of how AMS determines whether a user is allowed to read or open a resource. To be able to answer that question, we state the following basic principles:

  • A rule either allows or denies access to a resource for a specific user or for all members of a group.

  • The list containing a node and all of its ancestors is called the canonical path of that node. (Remember that each node has only one parent, so that a node and all its ancestors form a list from the root node up to that node.)

  • To calculate the access rights of a resource, all rules in the canonical path are considered.

  • A rule can have the following priority levels:

    • Highest

    • High

    • Normal

    Note

    Only users with the Archive Manager role can use the highest level of priority when adding and editing rules.

Now that we have seen what basic principles are involved in the calculation of the access rights, we state the principles of the calculation itself. These principles are applied by AMS in the same order as we show them here:

  1. The priority principle: The highest priority of the considered rules is determined and all rules with a priority lower than that are outvoted.

  2. The closeness principle: From the nodes in the canonical path that have at least one rule, only the rules from the node that is closest to the resource are kept. All other rules are outvoted. Consider for example the canonical path A-B-C-D-resource (top down). If both node A and node C have a rule, only the rule on C is kept. The rule on node A is outvoted.

  3. The constraint principle: If more than one rule applies to the same resource type, and the rules have equal priority and equal closeness but conflict (at least one denies and one allows a user to read a resource), access to the resource is denied. So denying outvotes allowing.

So in short, AMS first selects the rules with the highest priority. Then, from the remaining rules, it selects those on the node closest to the resource. Finally, it checks whether one of the remaining rules denies read access to the resource. By applying the calculation principles this way, AMS avoids conflicting situations as described at the beginning of this section.
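
The three calculation principles as a small Python function, added here as an illustration and not taken from the AMS code base. The `Rule` fields, the `evaluate` name, the pre-filtering on user, group and resource type, and the deny result when no rule applies are assumptions; the sample rules are constructed from the two situations at the start of this section.

```python
from dataclasses import dataclass

PRIORITY = {"normal": 0, "high": 1, "highest": 2}

@dataclass(frozen=True)
class Rule:
    node: str            # node the rule is attached to
    principal: str       # user name or group name
    resource_type: str   # e.g. "annotation"
    allow: bool          # True = allow, False = deny
    priority: str = "normal"

def evaluate(user, groups, resource_type, canonical_path, rules):
    """True if `user` may read a resource of `resource_type`.
    canonical_path is top down: root first, node nearest the resource last."""
    depth = {node: i for i, node in enumerate(canonical_path)}
    # Assumption: only rules on the canonical path that name this user (or one
    # of the user's groups) and this resource type enter the calculation.
    live = [r for r in rules
            if r.node in depth and r.resource_type == resource_type
            and (r.principal == user or r.principal in groups)]
    if not live:
        return False  # Assumption: no applicable rule means no access.
    # 1. Priority principle: lower-priority rules are outvoted.
    top = max(PRIORITY[r.priority] for r in live)
    live = [r for r in live if PRIORITY[r.priority] == top]
    # 2. Closeness principle: keep only the node nearest the resource.
    nearest = max(depth[r.node] for r in live)
    live = [r for r in live if depth[r.node] == nearest]
    # 3. Constraint principle: a single deny outvotes any allow.
    return all(r.allow for r in live)

# Constructed sample data: node B is an ancestor of node A.
PATH = ["B", "A"]
SITUATION_1 = [Rule("A", "X", "annotation", True),
               Rule("B", "X", "annotation", False)]
SITUATION_2 = [Rule("A", "X", "annotation", True),
               Rule("A", "G", "annotation", False)]
# Same as situation 1, but the ancestor's deny has high priority.
SITUATION_3 = [Rule("A", "X", "annotation", True),
               Rule("B", "X", "annotation", False, "high")]

if __name__ == "__main__":
    print(evaluate("X", set(), "annotation", PATH, SITUATION_1))  # closeness
    print(evaluate("X", {"G"}, "annotation", PATH, SITUATION_2))  # constraint
    print(evaluate("X", set(), "annotation", PATH, SITUATION_3))  # priority
```

Situation 1 resolves to allow by closeness and situation 2 to deny by constraint; in situation 3 the ancestor's high-priority deny outvotes the nearer allow because priority is applied before closeness.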

Created by latadmin
Last modified 2012-02-10 16:58
 
