cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Additiv User Rights

Go to solution
StefanKruk
Active Participant

on ‎07-04-2018 4:20 PM

0 Kudos

Hello Experts,

we have a Base_Group that allowes to read everything on Product. We do not have restriction on this level. Below the Base_Group we created two groups Group1 and Group2. Both Groups has the right to edit product

BUT Group1 is allowed to edit everything except B2C Fields and Group2 is only allowed to edit B2C Fields. Now we want a User that has both Roles and is able to edit everything that Group1 and Group2 is allowed to edit.

It is not an option to create a third Group with the Rights we want and it is not an option to give the specific User the Rights.

I know that the Standard in Hybris is that Restrictions are Stronger than Positivs like explained in https://help.hybris.com/6.7.0/hcd/8b4aa00e866910148df2920f69d68b27.html .

Question: Is there a way to have Additiv User Rights in Hybris? So that the User can be in Group1 AND Group2.

EDIT: We war using Hybris 6.7.0.0

Show replies
Show replies
Answer
View Entire Topic
StefanKruk
Active Participant
‎07-05-2018 10:47 AM
0 Kudos

Just found the Answere myself. This Access Right Inheritance is not documented but i found it in de.hybris.platform.servicelayer.security.permission.PermissionCheckingServiceTest.

if testgroup1 explicitly denies Permission1 and testgroup3 explicitly allowes Permission1 the effective Acces Right for testuser is granted.

With this it is possible to have multiple Groups assigned to a User.

Show replies
Show replies
Ask a Question