On 25 September 2014 15:26, Stephen Frost <sfrost@snowman.net> wrote:
>> I expected this to still trigger an error due to the first policy. Am
>> I to infer from this that the policy model is permissive rather than
>> restrictive?
>
> That's correct and I believe pretty clear in the documentation- policies
> are OR'd together, just the same as how roles are handled. As a
> logged-in user, you have the rights of all of the roles you are a member
> of (subject to inheiritance rules, of course), and similairly, you are
> able to view and add all rows which match any policy which applies to
> you (either through role membership or through different policies).
Okay, I see now. This is a mindset issue for me as I'm looking at
them like constraints rather than permissions. Thanks for the
explanation.
Thom