Role management: priority & contextual role

Hello!

In some cases, we are confronted with situations where there is a conflict between two or more rules.
Let’s consider these entities:

  • user: a generic user
  • roleA: allows a permission (like Update records of module X)
  • roleB: denies a permission (like Update records of module X)

Here are some situations with a potential conflict:

  • user is a member of roleA and roleB
  • user is a member of roleA and roleB
  • user is a member of roleA, and roleB is a contextual role (with expression = true)
  • user is a member of roleA (or roleB), but the permission is the opposite of the one in the Authenticated role.

I tried to dig into the documentation, but I didn’t find any notion about this. All I found is that Corteza uses a flat design and does not use hierarchy roles.

Can someone tell me what the result of these situations would be? This will definitely help a lot of us.

Thank you!

This should be explained in the security model section, more accurately the evaluation logic is noted here with some more content here and here.
