Hi List, Sachin,

Policy Engine seems to work on the principle of Least Privilege. I came
across an ambiguous situation in this regard.

Let's take the case where a user provisioned an ACL to a device, mentioning the
SubjectID and the resources to be accessed with particular CRUDN access.
And then the user wanted to update the provisioned ACL. Say in this second
instance he just modified the access to be read-only.

I observed that the PE still grants permission to perform Write as well.
On observing the persistent storage file (json.db), I see that there are
two ACEs for the same Subject and resource. I think the ACE entries should have
been updated in this case instead of being appended.

A similar observation is there when in the 1st instance it's read-only and then
updated to all CRUDN. Still only Read is allowed.

It seems to be matching the Subject and Resource and granting access against
the 1st ACE.

regards,
Ashwini
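The two observations in the message (narrowing an ACL to read-only still allows Write; widening a read-only ACL to full CRUDN still allows only Read) both follow from one storage decision: provisioning appends a second ACE for the same (Subject, Resource) pair, and the check stops at the first matching ACE. The model below, written here as an added illustration and not taken from IoTivity's policy engine or its json.db format, reproduces that behaviour in a small append-only store and contrasts it with a store that replaces the ACE keyed on (Subject, Resource) so the latest provisioning wins. The subject and resource names, the bit encoding of CRUDN, and the reading of "Write" as the Update bit are assumptions of the example.

```python
"""Model of ACL provisioning and policy-engine checks (example code, not IoTivity's)."""
from dataclasses import dataclass
from enum import IntFlag


class Perm(IntFlag):
    """CRUDN permission bits. 'Write' in the report is taken to mean UPDATE (assumption)."""
    NONE = 0
    CREATE = 1
    READ = 2
    UPDATE = 4
    DELETE = 8
    NOTIFY = 16
    CRUDN = CREATE | READ | UPDATE | DELETE | NOTIFY


@dataclass(frozen=True)
class Ace:
    subject: str      # SubjectID, e.g. a device UUID (sample value below is made up)
    resource: str     # resource href the ACE covers
    permission: Perm  # CRUDN bits granted


def _grants(ace, wanted):
    """True only if every requested bit is present in the ACE."""
    return (wanted & ace.permission) == wanted


class AppendOnlyAcl:
    """Models the behaviour reported: provisioning appends, the check uses the first match."""

    def __init__(self):
        self.aces = []

    def provision(self, ace):
        self.aces.append(ace)                 # a re-provisioned ACE becomes a duplicate entry

    def is_allowed(self, subject, resource, wanted):
        for ace in self.aces:
            if ace.subject == subject and ace.resource == resource:
                return _grants(ace, wanted)   # first match wins; later ACEs are never consulted
        return False

    def dump(self):
        """Records as they would land in a persistent store (shape is illustrative)."""
        return [{"subject": a.subject, "resource": a.resource,
                 "permission": int(a.permission)} for a in self.aces]


class UpsertAcl:
    """The suggested fix: one ACE per (subject, resource); re-provisioning replaces it."""

    def __init__(self):
        self.aces = {}

    def provision(self, ace):
        self.aces[(ace.subject, ace.resource)] = ace   # update in place instead of appending

    def is_allowed(self, subject, resource, wanted):
        ace = self.aces.get((subject, resource))
        return ace is not None and _grants(ace, wanted)

    def dump(self):
        return [{"subject": a.subject, "resource": a.resource,
                 "permission": int(a.permission)} for a in self.aces.values()]


SUBJECT = "11111111-2222-3333-4444-555555555555"   # constructed SubjectID
RESOURCE = "/a/light"                               # constructed resource href


def reproduce(store_cls):
    """Replay both provisioning sequences from the report against a store class.

    Returns (update_allowed_after_downgrade, update_allowed_after_upgrade,
             number_of_stored_entries_after_downgrade).
    """
    # Sequence 1: full CRUDN, then narrowed to read-only. Least privilege says UPDATE must be denied.
    store = store_cls()
    store.provision(Ace(SUBJECT, RESOURCE, Perm.CRUDN))
    store.provision(Ace(SUBJECT, RESOURCE, Perm.READ))
    update_after_downgrade = store.is_allowed(SUBJECT, RESOURCE, Perm.UPDATE)
    entries_after_downgrade = len(store.dump())

    # Sequence 2: read-only, then widened to full CRUDN. UPDATE should now be allowed.
    store = store_cls()
    store.provision(Ace(SUBJECT, RESOURCE, Perm.READ))
    store.provision(Ace(SUBJECT, RESOURCE, Perm.CRUDN))
    update_after_upgrade = store.is_allowed(SUBJECT, RESOURCE, Perm.UPDATE)

    return update_after_downgrade, update_after_upgrade, entries_after_downgrade


if __name__ == "__main__":
    print("append + first match:", reproduce(AppendOnlyAcl))   # (True, False, 2)
    print("replace by key      :", reproduce(UpsertAcl))       # (False, True, 1)
```

Note that changing only the evaluator, for example to OR together every ACE that matches the subject and resource, would fix the second observation but not the first: the stale CRUDN entry would still grant Write after the downgrade to read-only. Keying the store on (Subject, Resource) so a re-provision replaces the earlier ACE is what makes the latest policy authoritative in both directions.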