phpGACL中文手册(七)
2006-08-11 15:49
363 查看
Resolving conflicts
解决冲突
What happens if we add Chewie to the list of Engineers?
如果我们把Chewie加入到工程师组中会出现什么情况呢?
缺省:全部拒绝
千年隼号乘客
├─船员 [允许:全部]
│ ├─Han
│ ├─Chewie [拒绝:发动机室]
│ └─Lando
├─乘客 [允许:休息室 ]
│ ├─绝地战士 [允许:驾驶室]
│ │ ├─Obi-wan
│ │ └─Luke [允许:武器室]
│ ├─R2D2 [允许:发动机室]
│ └─C3PO
└─工程师 [允许:发动机室,武器室]
├─Han
├─R2D2
├─Hontook
└─Chewie
This makes Chewie's access to the Engines ambiguous, because now there are two paths from the root of the tree to Chewie. If the ship's computer follows one path (along the "Crew" branch), the result is "DENY access to Engines." If it follows the other path (along the "Engineers" branch) then the result is "ALLOW access to Engines". So, is he allowed or denied?
这就使Chewie到发动机室的权限产生了歧义,因为从根沿树遍历到Chewie出现两条路径。如果飞船的计算机沿其中一条路径(船员路径),将得到"拒绝进入发动机室"的结论。而沿另一条路径(工程师路径)则会得到"允许进入发动机室"的结论,那么他到底有没权进入发动机室呢?
phpGACL will warn you if you add or edit an multiply-grouped ARO in such a way that the access to an arbitrary ACO would be ambiguous. But it is up to you to resolve the conflict.
当你添加或编辑分属多组的ARO对象使之对某个ACO对象的权限发生歧义时,phpGACL系统将警告你。但它会最近优先以便解决冲突。
If we now asked phpGACL the question "Does Chewie have access to Engines?" the result returned is the result given by the last ACL entry to be modified (this is phpGACL's policy). In this case the result is ALLOW, because the "ALLOW: Engines, Guns" directive assigned to the Engineers Group is more recent than the "DENY: Engines" directive assigned to Chewie's Group.
如果我们现在问phpGACL"Chewie有权进入发动机室吗?"那么返回的结果是最近ACL被修改的内容(这是phpGACL的策略)。在上面这个例子中,返回的结果是"允许",因为被工程师组指定的"允许:发动机室,武器室"权限的时间要比被船员组指定的"拒绝:发动机室"权限时间要近。
When ambiguous access entries exist in the ACL, the ACL is said to be inconsistent. Inconsistent ACLs can be very dangerous, and you may unwittingly provide access to inappropriate people if you allow your ACL to remain in this state. When phpGACL warns you that the ACL is inconsistent, it is best to resolve the conflicts as soon as possible to regain consistency.
当有歧义的权限设定在ACL列表中存在时,该ACL列表被称为不一致。不一致的ACL列表是非常危险的,如果你允许你的ACL列表保持在这种状况下的话,你可能会在不经意之下把权限赋给不恰当的人。当phpGACL警告你ACL列表不一致时,最好还是去解决冲突以尽可能恢复其一致性。
To resolve the conflict in this case, we could either:
为解决上例的冲突,我们可以作以下任何一步:
Remove the "DENY: Engines" directive from Chewie's entry under the Crew Group.
删除在船员组中Chewie的"拒绝:发动机室"指令
Add a "DENY: Engines" directive to Chewie's entry under the Engineers Group.
添加在工程师组中Chewie的"拒绝:发动机室"指令
Remove Chewie from the Engineers Group, since Han doesn't think him a worthy Engineer anyway.
在工程师组中删除Chewie,因为Han无论如何不认为他作工程师是一件值得考虑的事
Han chooses option 3, and removes Chewie from the Engineers list.
Han选了第三种方案,将Chewie从工程师组中删除
解决冲突
What happens if we add Chewie to the list of Engineers?
如果我们把Chewie加入到工程师组中会出现什么情况呢?
缺省:全部拒绝
千年隼号乘客
├─船员 [允许:全部]
│ ├─Han
│ ├─Chewie [拒绝:发动机室]
│ └─Lando
├─乘客 [允许:休息室 ]
│ ├─绝地战士 [允许:驾驶室]
│ │ ├─Obi-wan
│ │ └─Luke [允许:武器室]
│ ├─R2D2 [允许:发动机室]
│ └─C3PO
└─工程师 [允许:发动机室,武器室]
├─Han
├─R2D2
├─Hontook
└─Chewie
This makes Chewie's access to the Engines ambiguous, because now there are two paths from the root of the tree to Chewie. If the ship's computer follows one path (along the "Crew" branch), the result is "DENY access to Engines." If it follows the other path (along the "Engineers" branch) then the result is "ALLOW access to Engines". So, is he allowed or denied?
这就使Chewie到发动机室的权限产生了歧义,因为从根沿树遍历到Chewie出现两条路径。如果飞船的计算机沿其中一条路径(船员路径),将得到"拒绝进入发动机室"的结论。而沿另一条路径(工程师路径)则会得到"允许进入发动机室"的结论,那么他到底有没权进入发动机室呢?
phpGACL will warn you if you add or edit an multiply-grouped ARO in such a way that the access to an arbitrary ACO would be ambiguous. But it is up to you to resolve the conflict.
当你添加或编辑分属多组的ARO对象使之对某个ACO对象的权限发生歧义时,phpGACL系统将警告你。但它会最近优先以便解决冲突。
If we now asked phpGACL the question "Does Chewie have access to Engines?" the result returned is the result given by the last ACL entry to be modified (this is phpGACL's policy). In this case the result is ALLOW, because the "ALLOW: Engines, Guns" directive assigned to the Engineers Group is more recent than the "DENY: Engines" directive assigned to Chewie's Group.
如果我们现在问phpGACL"Chewie有权进入发动机室吗?"那么返回的结果是最近ACL被修改的内容(这是phpGACL的策略)。在上面这个例子中,返回的结果是"允许",因为被工程师组指定的"允许:发动机室,武器室"权限的时间要比被船员组指定的"拒绝:发动机室"权限时间要近。
When ambiguous access entries exist in the ACL, the ACL is said to be inconsistent. Inconsistent ACLs can be very dangerous, and you may unwittingly provide access to inappropriate people if you allow your ACL to remain in this state. When phpGACL warns you that the ACL is inconsistent, it is best to resolve the conflicts as soon as possible to regain consistency.
当有歧义的权限设定在ACL列表中存在时,该ACL列表被称为不一致。不一致的ACL列表是非常危险的,如果你允许你的ACL列表保持在这种状况下的话,你可能会在不经意之下把权限赋给不恰当的人。当phpGACL警告你ACL列表不一致时,最好还是去解决冲突以尽可能恢复其一致性。
To resolve the conflict in this case, we could either:
为解决上例的冲突,我们可以作以下任何一步:
Remove the "DENY: Engines" directive from Chewie's entry under the Crew Group.
删除在船员组中Chewie的"拒绝:发动机室"指令
Add a "DENY: Engines" directive to Chewie's entry under the Engineers Group.
添加在工程师组中Chewie的"拒绝:发动机室"指令
Remove Chewie from the Engineers Group, since Han doesn't think him a worthy Engineer anyway.
在工程师组中删除Chewie,因为Han无论如何不认为他作工程师是一件值得考虑的事
Han chooses option 3, and removes Chewie from the Engineers list.
Han选了第三种方案,将Chewie从工程师组中删除
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- phpGACL中文手册(一)
- phpGACL中文手册(五)
- phpGACL中文手册(六)
- phpGACL中文手册(八)
- phpGACL中文手册(二)
- phpGACL中文手册(九)
- phpGACL中文手册(十)
- phpGACL中文手册(三)
- phpGACL中文手册(十一)
- phpGACL中文手册(四)
- php chm中文手册201502月更新
- phpExcel中文帮助手册之常用功能指南
- PHP 4 完全中文手册
- [翻译]PhpGACL手册(五)
- eXtremeComponents中文手册 http://extremecomponents.org/wiki/index.php/Simplified_Chinese_Reference
- 分享PHP的GUI开发框架PHP-GTK中文开发手册
- PHP Redis中文手册
- Snoopy中文手册(php采集利器)-001【转】
- php-redis中文参考手册_list容器相关_lPush_rPush_lPushx_rPu...
- php-redis中文参考手册_zset_hash相关_zAdd_zRange_zDelete...