Slide 40
Slide 40 text
pred allowedByStatement(s : Statement, ...) {...}
pred deniedByPolicy(p : Policy, ...) {...}
pred allowedByPolicy(p : Policy, ...) {...}
pred allowed(u : User, r : Resource, a : Action) {
no p : u.policy | deniedByPolicy[p, r, a]
some p : u.policy | allowedByPolicy[p, r, a]
}
pred requirement {
some u : User, r : Resource, a : Action {
allowed[u, r, a]
}
}
run requirement
#jd2018_c