I am using SenseNet V 6.3 Community Edition.
I am doing these steps:
I have set Allow permission of node p to user [email protected]
Access node p from user [email protected] by Node.LoadNode() (Successful)
I have set deny permission of node p to user [email protected]
I have set allow permission of node p to group which have [email protected] as member
Access node p from user [email protected] by Node.LoadNode() (Error)
I am getting Access Denied error.
It seems not overriding groups permission over users permission or it seems not overriding latest permission.
How can I achieve this?
This is by design: deny permission is always stronger than allow. So if you set explicit deny for a user, you cannot allow the same thing through a group. The time of setting the permissions or whether it is a group or user does not matter: the rule is that deny overrides allow.
This is why working with deny should be the last option. It is better to remove the allow permission for a user and than you can allow it through a group.
For details about breaking permissions, local permissions and the whole permission system in general, please visit this article.