[HELP-8803] [fiware-stackoverflow] FIWARE AuthZForce doesn't check the second rule inside the same PolicySet - JIRA

Details

Type: Monitor
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2021
Component/s: FIWARE-TECH-HELP
Labels:
- fiware
- fiware-wilma

Source URL:
https://stackoverflow.com/questions/42116198/fiware-authzforce-doesnt-check-the-second-rule-inside-the-same-policyset
HD-Chapter:
Security
HD-Enabler:
AuthZForce

Description

Created question in FIWARE Q/A platform on 08-02-2017 at 15:02
Please, ANSWER this question AT https://stackoverflow.com/questions/42116198/fiware-authzforce-doesnt-check-the-second-rule-inside-the-same-policyset

Question:
FIWARE AuthZForce doesn't check the second rule inside the same PolicySet

Description:
I have created two roles, on the KeyRock, and for each of them I have linked a different permission

User1->Role1->Perm1(access to Res1)

User2->Role2->Perm2(access to Res2)

After saved, I see on AuthZforce's file system a new domain that it has 3 policies.

The first policy is cm9vdA/. It has a <PolicySet> , a <Policy> and a <Rule Effect="Permit" RuleId="permit-all" />
The last policy has a <PolicySet>, two <Policy> and two rules (one for each permission)
The domain's pdp.xml contains a <policyRef> that aims to the last created policy (<policyRef>331409a9-6014-4cfd-9180-f04bb22481f4</policyRef>).

Following there is the policy's xml file.

<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="331409a9-6014-4cfd-9180-f04bb22481f4" Version="1.0" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit">
<Description>Policy Set for application 3829292cdc25477dace68f376ef79d8b</Description>
<Target/>
<Policy PolicyId="" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
<Description>Role 9d2ebfde53044d2a8c22df3fe753b630 from application 3829292cdc25477dace68f376ef79d8b</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">3829292cdc25477dace68f376ef79d8b</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule RuleId="fe8f4ebb98054feeb26bfc01eb93cce1" Effect="Permit">
<Description>res1</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">res1</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:thales:xacml:2.0:resource:sub-resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">9d2ebfde53044d2a8c22df3fe753b630</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Apply>
</Condition>
</Rule>
</Policy>
<Policy PolicyId="" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
<Description>Role 729019b1a9d44380b8b74dc788053dde from application 3829292cdc25477dace68f376ef79d8b</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">3829292cdc25477dace68f376ef79d8b</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule RuleId="1d9bce94aaf04127b7ec8cfc63d17622" Effect="Permit">
<Description>res2</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">res2</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:thales:xacml:2.0:resource:sub-resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">729019b1a9d44380b8b74dc788053dde</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Apply>
</Condition>
</Rule>
</Policy>

When the User1 tries to access (by Wilma PeP Proxy) to the res1, the matching is true, the condition is satisfied and the Decision is "Permit".

If User1 tries to access to the res2... the Decision is "Deny".

But....

When the User2 tries to access (by Wilma PeP Proxy) to the res2... the Decision is "Deny".

Looking the AuthZforce's log file, I see that the PolicySetId="331409a9-6014-4cfd-9180-f04bb22481f4" is correctly identified but the check stops to the first rule. Infact, it compares the requested resource "res2" with "res1" and denies because they don't match. The check doesn't continue to evaluate the next rule where there is "res2" and the comparison should be true.

Which is the problem?

Thanks for cooperation.

Activity

Ascending order - Click to sort in descending order

Backlog Manager created issue - 22/May/17 3:06 PM

Hide

Permalink

Backlog Manager added a comment - 22/May/17 3:06 PM

2017-05-22 15:07|CREATED monitor | # answers= 1, accepted answer= False

Show

Backlog Manager added a comment - 22/May/17 3:06 PM 2017-05-22 15:07|CREATED monitor | # answers= 1, accepted answer= False

Backlog Manager made changes - 22/May/17 3:06 PM

Field	Original Value	New Value
Component/s		FIWARE-TECH-HELP [ 10278 ]

Backlog Manager made changes - 22/May/17 6:04 PM

Status

Open [ 1 ]

In Progress [ 3 ]

Hide

Permalink

Backlog Manager added a comment - 22/May/17 6:04 PM

2017-05-22 18:06|UPDATED status: transition Answer| # answers= 1, accepted answer= False

Show

Backlog Manager added a comment - 22/May/17 6:04 PM 2017-05-22 18:06|UPDATED status: transition Answer| # answers= 1, accepted answer= False

Backlog Manager made changes - 22/May/17 9:04 PM

Status

In Progress [ 3 ]

Answered [ 10104 ]

Hide

Permalink

Backlog Manager added a comment - 22/May/17 9:04 PM

2017-05-22 21:06|UPDATED status: transition Answered| # answers= 1, accepted answer= False

Show

Backlog Manager added a comment - 22/May/17 9:04 PM 2017-05-22 21:06|UPDATED status: transition Answered| # answers= 1, accepted answer= False

Fernando Lopez made changes - 28/May/17 8:02 PM

Assignee

Cyril Dangerville [ cyril.dangerville ]

Fernando Lopez made changes - 28/May/17 8:03 PM

HD-Enabler		AuthZForce [ 10887 ]
Description	Created question in FIWARE Q/A platform on 08-02-2017 at 15:02 {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/42116198/fiware-authzforce-doesnt-check-the-second-rule-inside-the-same-policyset +Question:+ FIWARE AuthZForce doesn't check the second rule inside the same PolicySet +Description:+ I have created two roles, on the KeyRock, and for each of them I have linked a different permission User1->Role1->Perm1(access to Res1) User2->Role2->Perm2(access to Res2) After saved, I see on AuthZforce's file system a new domain that it has 3 policies. The first policy is cm9vdA/. It has a <PolicySet> , a <Policy> and a <Rule Effect="Permit" RuleId="permit-all" /> The last policy has a <PolicySet>, two <Policy> and two rules (one for each permission) The domain's pdp.xml contains a <policyRef> that aims to the last created policy (<policyRef>331409a9-6014-4cfd-9180-f04bb22481f4</policyRef>). Following there is the policy's xml file. <PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="331409a9-6014-4cfd-9180-f04bb22481f4" Version="1.0" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit"> <Description>Policy Set for application 3829292cdc25477dace68f376ef79d8b</Description> <Target/> <Policy PolicyId="" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit"> <Description>Role 9d2ebfde53044d2a8c22df3fe753b630 from application 3829292cdc25477dace68f376ef79d8b</Description> <Target> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">3829292cdc25477dace68f376ef79d8b</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> </Target> <Rule RuleId="fe8f4ebb98054feeb26bfc01eb93cce1" Effect="Permit"> <Description>res1</Description> <Target> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">res1</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:thales:xacml:2.0:resource:sub-resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> </Target> <Condition> <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">9d2ebfde53044d2a8c22df3fe753b630</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> </Apply> </Condition> </Rule> </Policy> <Policy PolicyId="" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit"> <Description>Role 729019b1a9d44380b8b74dc788053dde from application 3829292cdc25477dace68f376ef79d8b</Description> <Target> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">3829292cdc25477dace68f376ef79d8b</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> </Target> <Rule RuleId="1d9bce94aaf04127b7ec8cfc63d17622" Effect="Permit"> <Description>res2</Description> <Target> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">res2</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:thales:xacml:2.0:resource:sub-resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> </Target> <Condition> <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">729019b1a9d44380b8b74dc788053dde</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> </Apply> </Condition> </Rule> </Policy> When the User1 tries to access (by Wilma PeP Proxy) to the res1, the matching is true, the condition is satisfied and the Decision is "Permit". If User1 tries to access to the res2... the Decision is "Deny". But.... When the User2 tries to access (by Wilma PeP Proxy) to the res2... the Decision is "Deny". Looking the AuthZforce's log file, I see that the PolicySetId="331409a9-6014-4cfd-9180-f04bb22481f4" is correctly identified but the check stops to the first rule. Infact, it compares the requested resource "res2" with "res1" and denies because they don't match. The check doesn't continue to evaluate the next rule where there is "res2" and the comparison should be true. Which is the problem? Thanks for cooperation.	Created question in FIWARE Q/A platform on 08-02-2017 at 15:02 {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/42116198/fiware-authzforce-doesnt-check-the-second-rule-inside-the-same-policyset +Question:+ FIWARE AuthZForce doesn't check the second rule inside the same PolicySet +Description:+ I have created two roles, on the KeyRock, and for each of them I have linked a different permission User1->Role1->Perm1(access to Res1) User2->Role2->Perm2(access to Res2) After saved, I see on AuthZforce's file system a new domain that it has 3 policies. The first policy is cm9vdA/. It has a <PolicySet> , a <Policy> and a <Rule Effect="Permit" RuleId="permit-all" /> The last policy has a <PolicySet>, two <Policy> and two rules (one for each permission) The domain's pdp.xml contains a <policyRef> that aims to the last created policy (<policyRef>331409a9-6014-4cfd-9180-f04bb22481f4</policyRef>). Following there is the policy's xml file. <PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="331409a9-6014-4cfd-9180-f04bb22481f4" Version="1.0" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit"> <Description>Policy Set for application 3829292cdc25477dace68f376ef79d8b</Description> <Target/> <Policy PolicyId="" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit"> <Description>Role 9d2ebfde53044d2a8c22df3fe753b630 from application 3829292cdc25477dace68f376ef79d8b</Description> <Target> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">3829292cdc25477dace68f376ef79d8b</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> </Target> <Rule RuleId="fe8f4ebb98054feeb26bfc01eb93cce1" Effect="Permit"> <Description>res1</Description> <Target> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">res1</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:thales:xacml:2.0:resource:sub-resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> </Target> <Condition> <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">9d2ebfde53044d2a8c22df3fe753b630</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> </Apply> </Condition> </Rule> </Policy> <Policy PolicyId="" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit"> <Description>Role 729019b1a9d44380b8b74dc788053dde from application 3829292cdc25477dace68f376ef79d8b</Description> <Target> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">3829292cdc25477dace68f376ef79d8b</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> </Target> <Rule RuleId="1d9bce94aaf04127b7ec8cfc63d17622" Effect="Permit"> <Description>res2</Description> <Target> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">res2</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:thales:xacml:2.0:resource:sub-resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> </Target> <Condition> <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">729019b1a9d44380b8b74dc788053dde</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> </Apply> </Condition> </Rule> </Policy> When the User1 tries to access (by Wilma PeP Proxy) to the res1, the matching is true, the condition is satisfied and the Decision is "Permit". If User1 tries to access to the res2... the Decision is "Deny". But.... When the User2 tries to access (by Wilma PeP Proxy) to the res2... the Decision is "Deny". Looking the AuthZforce's log file, I see that the PolicySetId="331409a9-6014-4cfd-9180-f04bb22481f4" is correctly identified but the check stops to the first rule. Infact, it compares the requested resource "res2" with "res1" and denies because they don't match. The check doesn't continue to evaluate the next rule where there is "res2" and the comparison should be true. Which is the problem? Thanks for cooperation.
HD-Chapter		Security [ 10841 ]

Fernando Lopez made changes - 28/May/17 8:03 PM

Resolution		Done [ 10000 ]
Status	Answered [ 10104 ]	Closed [ 6 ]

Fernando Lopez made changes - 27/May/21 10:59 AM

Fix Version/s

2021 [ 12600 ]

Transition

Time In Source Status

Execution Times

Last Executer

Last Execution Date

Open

In Progress

2h 58m

Backlog Manager

22/May/17 6:04 PM

In Progress

Answered

2h 59m

Backlog Manager

22/May/17 9:04 PM

Answered

Closed

5d 22h 58m

Fernando Lopez

28/May/17 8:03 PM

People

Assignee:

Cyril Dangerville

Reporter:

Backlog Manager

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

22/May/17 3:06 PM

Updated:

27/May/21 10:59 AM

Resolved:

28/May/17 8:03 PM

Agile

View on Board