Integration Server 10.11 | Integration Server Administrator's Guide | Controlling Access to Resources | Controlling Access to Resources with ACLs | About ACLs | Users that Belong to More than One Group
 
Users that Belong to More than One Group
A user can be a member of one or more groups. The following table summarizes how the server handles access for a user that is a member of a single group. Access can be any of List, Read, Write, or Execute.
If a user is a member of a group that is:
Access to the package, folder, or other element is:
Allowed
Allowed
Denied
Denied
Not-specified
Denied
But what happens when the user is a member of more than one group? To determine the access setting for a user that is member of more than one group, Integration Server assigns different strengths to the settings. Specifically, Denied overrides Allowed, and Allowed overrides Not-specified.
For example, suppose user Smith is a member of three groups, and each group has a different List access to the FY2013 package, as shown below.
Group
List access to FY2013 package
Accounting
Not-specified
Support
Denied
Corporate
Allowed
As a result of these settings, Smith is denied List access to the package because the Denied setting of the Support group overrides the other settings.