How are ACL's applied when a user is in multiple groups

Document ID : KB000015975
Last Modified Date : 14/02/2018
Show Technical Document Details

When a user is in multiple ACL groups with different permissions what determines which ACL is applied

For Example user x is in Groups 1 and 2.

  • Group 1 has Read Only (R) access
  • Group 2 has Read Write (RW) access

does user x get (R) or (RW)?


This depends on the version of UIM

  • 8.47 and above user x receives (RW)
    • From 8.47 If a user is in 2 different Groups , both of which are mapped to an ACL, then the user will be authenticated and both ACL's will be applied, ie the user will receive access to all resources defined in both ACL's. If there is a conflict then the Highest permission is applied. eg (RW) + (R) = (RW)

  • Before 8.47 user x receive (R)
    • Before 8.47 the lowest permission was applied eg (RW) + (R) = (R)