GYWang1983

> @GYWang1983 I think it should be false. If your `policy_effect` is `e = some(where (p.eft == allow))`, it will be true. > For `alice, data1, write`, `p, writer, data1,...

@tangyang9464 Because the policies are not contradictory in each role, writer role and reader role each can work fine. Usually people want to use `writer + reader = allow to...

@tangyang9464 Thanks for reply. In our case, the `obj` is like this `{tenant_id}:{project_id}:{app_id}:{sub_object}`，users could have a role to grant permissions to manage all app in one project besides some specified...

@tangyang9464 Nobody want to add a policy manually after creating an app. They expect the system to do it automatically. So we need another policy system to determine whether we...

I need this api too. Because of the administrator wants to LOCK and LOGOUT some other users.