How to override groups permission over users permission in SenseNet?

Question

I am using SenseNet V 6.3 Community Edition.

I am doing these steps:

1. I have set Allow permission of node p to user [email protected]

2. Access node p from user [email protected] by Node.LoadNode() (Successful)

3. I have set deny permission of node p to user [email protected]

4. I have set allow permission of node p to group which have [email protected] as member

5. Access node p from user [email protected] by Node.LoadNode() (Error)

I am getting Access Denied error.

It seems not overriding groups permission over users permission or it seems not overriding latest permission.

How can I achieve this?

Answer 1

This is by design: deny permission is always stronger than allow. So if you set explicit deny for a user, you cannot allow the same thing through a group. The time of setting the permissions or whether it is a group or user does not matter: the rule is that deny overrides allow.

This is why working with deny should be the last option. It is better to remove the allow permission for a user and than you can allow it through a group.

For details about breaking permissions, local permissions and the whole permission system in general, please visit this article.