Why does a voter abstain in Neos/Flow?

In the security document for Flow it says:

You might imagine that a voter has to return an abstain vote, if it is not able to give a proper grant or deny vote.

But why is a voter not able to give a proper grand/deny?? Would be nice to know exactly why a voter has to abstain.

Solution

Because for the active roles neither grant or deny are configured for the privilege. In that case the voter abstains.

So all roles must say something about all privilage targets?

Yes, unless you want them to abstain. It's part of the concept. Abstain is a "soft" deny. If you really DENY it is denied for all times if you have that role. Abstain can be overruled by GRANT from another role

Migration exception: alter table --> Column already exists: 1060 Duplicate column name
typo3 flow persist updated relation
Proper .gitignore file for a Neos Flow project?
Localization of Domain Models in Neos / Flow
File downloads are randomly failing in IIS with PHP
Neos 2.1 on Mac MAMP PRO using fcgi
typo3 flow: variable in repository
typo3 flow: "Result could not be converted to string" - get field content of query result
Flow: Convert object to array for CSV export
typo3 flow: catch exception and forward back to originating action
how to use validationResover
ValidateNumber localization i Flow
Does Flow support the unique annotation from Doctrine?
'Package "doctrine.common" is already registered as "Doctrine.Common"
Packages in Neos (Composer)
How can I match with the persistent_object_identifier?
How can I show a custom 404 page when access is denied to a node or method in Neos?
Why does a voter abstain in Neos/Flow?
Routes for Neos plugin
Bidirectional One-To-One Relationships in Flow
Copy/clone model with relations
Can I extend or hook in to update method of a repository?
typo3 flow isDirty on model