Authorization issue

Topics: General Topic, MMC SnapIn, NetSqlAzMan Core
Jan 4, 2012 at 10:52 AM


I have a strange issue in the NetSqlAzMan SnapIn. I am not sure if it is something I have misunderstood or a bug.

My definitions setup for reproducing the issue:

Role: MyRole
Tasks: MyTask1 and MyTask2
Operations: MyOperation1 and MyOperation2

MyRole has MyTask1 and MyTask2.
MyTask1 has MyOperation1 and MyOperation2.
MyTask2 has MyOperation1 and MyOperation2 (same as MyTask1)

The hierarchy is something like that:


And my authorizations:

User1, either defined in ActiveDirectory or in database.

User1 has an allow authorization on MyRole.
User1 has a deny authorization on MyTask2.

In this setup, I expect User1 to have access to MyTask1 and its operations MyOperation1 and MyOperation2. In reality, User1 has access only to MyTask1 and not to its operations.

Can you tell me if am doing something wrong?

Thanks in advance.


My Setup:

•              NetSqlAzMan version:
•              NetSqlAzMan installed products: MMC SnapIn
•              Operating System version and installed languages: Windows 7 Ultimate English
•              Platform: x64
•              SQL Server version: 2008 Standard

Jan 4, 2012 at 11:16 AM

because in case of conflict, "deny" always wins.

Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail Web

Jan 4, 2012 at 12:16 PM

Hello Andrea,

Thank you for your quick reply.

If I have well understood, if I set a deny on a task, the operations that are defined in that task are denied. The others tasks where these operations are defined are also affected and denied. Right?



Jan 4, 2012 at 12:35 PM


You got it right.