[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL for multiple groups



Dear all,

I have to develop a directory for multiple groups. Each group has different access control rights. If a user is a member of several groups, which access control right should he have? Does he have the greatest right among all group (say, the write right is greater than the read)?

For example, John is a member of sales group and a member of senior manager group (see the table).
__________________________________________
John DN: uid = john, ou = staff, dc=abc, dc=com
He has right to compare customer information 
__________________________________________
Sales DN: ou=sales, dc=abc, dc=com
member: uid = john, ou = staff, dc=abc, dc=com
This group has right to read customer information 
__________________________________________
Sales DN: ou=senior manager, dc=abc, dc=com
member: uid = john, ou = staff, dc=abc, dc=com
This group has right to write customer information 
__________________________________________

When John logins , what is the access right of John?