From: Chris T. <chr...@gm...> - 2010-09-27 12:19:43
Unless membership in a group represents a restriction in the user's rights, then self-removal can never increase the user's rights and so would seem to be permitted by the principle that no action by a user can increase their rights, only leave them the same or less.

Chris

On Sep 27, 2010, at 5:49 PM, Dmitriy Shabanov wrote:

> 2) Any user can remove themselves from any group they choose - I
> cannot think of a case where downgrading a user's rights prevents a
> security risk. This is the user's right!
>
> We must think in different strategies: access grant or denied. Very often, better to deny access than grant, so removing must be limited to group's managers only.
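An added example, not part of the original messages: a check that permits self-removal from a group only when the user's effective rights stay the same or shrink, including the case where group membership acts as a restriction. The deny-overrides-allow model, the group names and the resources are assumptions constructed for illustration.

```python
# Constructed model: a resource is reachable if the user is in a group that is
# allowed on it and in no group that is denied on it (deny overrides allow).
GROUPS = {                       # group name -> members (constructed sample data)
    "staff": {"alice", "bob"},
    "contractors": {"bob"},      # membership here is a restriction
    "wiki-editors": {"alice"},
}
ALLOW = {"payroll": {"staff"}, "wiki": {"staff", "wiki-editors"}}
DENY = {"payroll": {"contractors"}}


def effective_rights(user, groups, allow=ALLOW, deny=DENY):
    """Return the set of resources the user can reach under deny-overrides-allow."""
    mine = {name for name, members in groups.items() if user in members}
    return {
        res
        for res, allowed_groups in allow.items()
        if mine & allowed_groups and not mine & deny.get(res, set())
    }


def may_self_remove(user, group, groups=GROUPS):
    """Permit self-removal only if rights afterwards are a subset of rights before."""
    if user not in groups.get(group, set()):
        return False             # nothing to remove
    before = effective_rights(user, groups)
    trial = {name: set(members) for name, members in groups.items()}
    trial[group].discard(user)   # simulate the removal on a copy
    after = effective_rights(user, trial)
    return after <= before       # same or fewer rights: allowed


if __name__ == "__main__":
    for user, group in [("alice", "wiki-editors"), ("bob", "staff"),
                        ("bob", "contractors")]:
        print(user, "leaving", group, "->", may_self_remove(user, group))
```

Leaving `contractors` is refused for `bob` because it would lift the deny on `payroll`; that removal would have to go through a group manager.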