The answer depends on what role permissions you assign to an object.
In the example you gave, if you assign only a role permission for A then all of the members of A and B will be granted the access defined by the role class of A. In other words, only the membership of B is included in the membership of A, the access definitions of B play no role (pun intended).
Conversely, if you assign only a role permission for B then A is irrelevant and the members of B get the access defined by the role class of B.
Finally, if you assign role permissions for both A and B, the direct members of A will get the access defined by A, but the members of B will get the union of the access defined by A and B.
------------------------------
Mike
------------------------------
Original Message:
Sent: Thu April 21, 2022 05:30 AM
From: Yannick Martin
Subject: Role-based access - Cascade roles
Hi,
we're implementing role-based accesses for the first time.
In the documentation, there's no explanation about the cascade roles.
In a role A we add another role B as member. Each role, A and B, has its own access permissions.
How the roles A and B access permissions are handled on an object, it is a combination or exclusive ,... ?
Thanks for help
------------------------------
Yannick Martin
------------------------------