Hi, As I am browsing the Authorization code and doing some tests, I saw that we do not have a ATTRIBUTE_VALUE scope in the following class: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/OperationScope.java?view=markup
IMO, we need such an operation scope because in a case where you have allAttributeValues protectedItem with grantAdd permission you should be only allowed to add new values to an existing attribute. So this kind of operation only deals with values, not attribute type or not both. If I am right, not handling this operation scope causes several problems in the Authorization system which is the real problem. I still need to write some tests and figure out which part of the code really deals with handling those scopes. I just wanted to inform you and get you ideas on the topic if any. Thanks. -- Ersin
