> Is there a way for a user to be part of multiple groups?

Yes and no. ARO's and ACO's are organized in a tree-based fashion, so if a node is a child of another node, it inherits that node's permissions as well as the permissions of any node which the parent node is a child of. However, the concept of a node being the child of more than one parent does not exist within the system.

> my understanding of Windows is, a deny
> is the most powerful. i.e., if one permission says you are denied, then
> even if another says you are permitted you are still denied.

That sounds like a very inflexible system. Cake's ACL system works off of a similar 'default deny' premise, but it allows you to, for example, deny permissions on an object to a group, but allow permissions on an object to a specific user in a group. By default, users will inherit the permissions settings of their parent node, but you can override any setting at any level.
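
The two evaluation rules discussed in this message, side by side, as an added example that is not part of the original message and is not CakePHP's own code. It is a simplified single-parent tree model; `AroNode`, `checkNearestOverride` and `checkDenyWins` are hypothetical names, and the tree and ACO name are constructed sample data.

```php
<?php
// Simplified model of the inheritance described above; not CakePHP's API.
// AroNode, checkNearestOverride and checkDenyWins are hypothetical names.
final class AroNode
{
    /** @var array<string,bool> explicit settings: ACO name => allowed? */
    private array $rules = [];

    // A node has exactly one parent (null for the root).
    public function __construct(public readonly string $alias, public readonly ?AroNode $parent = null) {}

    public function allow(string $aco): void { $this->rules[$aco] = true; }
    public function deny(string $aco): void { $this->rules[$aco] = false; }
    public function explicit(string $aco): ?bool { return $this->rules[$aco] ?? null; }
}

// Nearest explicit setting on the path to the root wins; none set means deny.
function checkNearestOverride(AroNode $node, string $aco): bool
{
    for ($n = $node; $n !== null; $n = $n->parent) {
        $setting = $n->explicit($aco);
        if ($setting !== null) {
            return $setting;
        }
    }
    return false;
}

// Contrast: a deny anywhere on the path wins, as in the quoted description.
function checkDenyWins(AroNode $node, string $aco): bool
{
    $allowed = false;
    for ($n = $node; $n !== null; $n = $n->parent) {
        $setting = $n->explicit($aco);
        if ($setting === false) {
            return false;
        }
        $allowed = $allowed || $setting === true;
    }
    return $allowed;
}

// Constructed sample tree: root -> editors -> {alice, bob}
$editors = new AroNode('editors', new AroNode('root'));
$users = [new AroNode('alice', $editors), new AroNode('bob', $editors)];
$editors->deny('reports');   // group-level deny
$users[0]->allow('reports'); // user-level override for alice only
foreach ($users as $u) {
    printf("%s: nearest-override=%s deny-wins=%s\n", $u->alias,
        var_export(checkNearestOverride($u, 'reports'), true), var_export(checkDenyWins($u, 'reports'), true));
}
```

When auditing a tree evaluated this way, a deny on a group does not guarantee that no member has access; every descendant node has to be checked for explicit allows.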
