In GT 4.0, what happens if both the container and service security descriptors have a configured authz chain? Does the authz chain configured at the service level override the authz chain at the container level? Is it possible to configure a PIP at the container level such that this PIP is always invoked, regardless of whether or not an authz chain is configured at the service level?
Same question for GT 4.1+. Thanks, Tom
