3.1.1. Examples of access rights calculation
The following three situations exemplify how the access rights are calculated from all considered rules:
Example 1
Consider the following canonical path with the nodes listed in top-down order and their corresponding rules:
| Node A: Top Node | Rule 1: Read Annotation Files Allow (normal priority) for user X |
| Node B | Rule 2: Read Annotation Files Deny (normal priority) for user X |
| Node C: Resource - annotation file test.txt | - |
Both rules concern the reading of annotation files by user X and both rules have the same priority. This results in a conflict. In this example rule 1 allows user X to read the annotation file test.txt on node C and rule 2 denies user X reading the file. Since both rules have the same priority, AMS cannot make a choice based on the priority principle. Next, AMS applies the closeness principle, under which rules from the nodes closest to the resource are weighted more heavily. Applying this principle results in rule 1 being outvoted, leaving only rule 2. Since rule 2 denies reading annotation files, AMS also denies user X reading the annotation file test.txt.
Putting rule 2 on node A and rule 1 on node B results in rule 2 being discarded based on the closeness principle. The remaining rule 1 results in AMS allowing user X to read the annotation file test.txt.
Example 2
Another canonical path and corresponding rules:
| Node A: Top Node | Rule 1: Read Annotation Files Allow, highest priority for user X |
| Node B | Rule 2: Read Annotation Files Deny, high priority for user X |
| Node C | Rule 3: Read Annotation Files Deny (normal priority) for user X |
| Node D: Resource - annotation file test.txt | - |
One of the three rules in this example allows user X to read the annotation file test.txt, while the other two deny reading the file. Moreover, all three rules have a different priority level. Applying the priority principle results in rules 2 and 3 being outvoted, because only rule 1 has the highest priority found in the three rules. The final result is that AMS allows user X to read the annotation file of node D.
Example 3
A slightly more complicated example is the following canonical path and corresponding rules:
| Node A: Top Node | Rule 1: Read Annotation Files Deny, high priority for user X |
| Node B | |
| Node C | Rule 4: Read Annotation Files Deny (normal priority) for user X |
| Node D: Resource - annotation file test.txt | - |
Applying the priority principle discards rule 4 because the highest priority level is high and rule 4 has a lower priority level. This leaves rules 1, 2 and 3. Applying the closeness principle discards rule 1, leaving rules 2 and 3. Since we are interested in the access rights of user X and user X is a member of group G, rules 2 and 3 are still in conflict. So, AMS applies the constraint principle. This means that if there is still a rule denying the right to read a resource, that rule is applied to calculate the final access right.
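The three examples can be traced with a short evaluator that applies the priority, closeness and constraint principles in that order. This is an added illustration, not AMS code: the `Rule` type, the `decide` function and the numeric priority ordering are assumptions, and since the Example 3 table does not show rules 2 and 3, their placement on node B, their high priority and which of them allows or denies are constructed to match the prose.

```python
from dataclasses import dataclass

# Priority levels named on the page; the numeric ordering is an assumption.
PRIORITY = {"normal": 0, "high": 1, "highest": 2}

@dataclass(frozen=True)
class Rule:
    name: str
    depth: int      # position of the rule's node on the canonical path, 0 = top node
    allow: bool     # True = Allow, False = Deny
    priority: str
    subject: str    # user or group the rule is written for

def decide(rules, subjects):
    """Return (allowed, deciding rule names) for one right on one resource.
    subjects is the user plus every group the user is a member of."""
    live = [r for r in rules if r.subject in subjects]
    if not live:
        return None, []  # assumption: the page does not cover "no rule applies"
    # Priority principle: only rules at the highest priority level found survive.
    top = max(PRIORITY[r.priority] for r in live)
    live = [r for r in live if PRIORITY[r.priority] == top]
    # Closeness principle: only rules on the node closest to the resource survive.
    nearest = max(r.depth for r in live)
    live = [r for r in live if r.depth == nearest]
    # Constraint principle: any remaining Deny decides the outcome.
    allowed = all(r.allow for r in live)
    return allowed, [r.name for r in live if r.allow == allowed]

# Constructed inputs mirroring the tables above (depth 0 = node A, 1 = B, 2 = C).
EXAMPLE_1 = [Rule("rule 1", 0, True, "normal", "user X"),
             Rule("rule 2", 1, False, "normal", "user X")]
EXAMPLE_1_SWAPPED = [Rule("rule 2", 0, False, "normal", "user X"),
                     Rule("rule 1", 1, True, "normal", "user X")]
EXAMPLE_2 = [Rule("rule 1", 0, True, "highest", "user X"),
             Rule("rule 2", 1, False, "high", "user X"),
             Rule("rule 3", 2, False, "normal", "user X")]
# Rules 2 and 3 are assumed: both on node B at high priority, one Allow for
# group G and one Deny for user X.
EXAMPLE_3 = [Rule("rule 1", 0, False, "high", "user X"),
             Rule("rule 2", 1, True, "high", "group G"),
             Rule("rule 3", 1, False, "high", "user X"),
             Rule("rule 4", 2, False, "normal", "user X")]

if __name__ == "__main__":
    print("Example 1:", decide(EXAMPLE_1, {"user X"}))
    print("Example 1, rules swapped:", decide(EXAMPLE_1_SWAPPED, {"user X"}))
    print("Example 2:", decide(EXAMPLE_2, {"user X"}))
    print("Example 3:", decide(EXAMPLE_3, {"user X", "group G"}))
```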