I have 2 questions as I whiteboard a design for assigning resources:

1 - If I have Role 1 with Resources A & B, and Role 2 with Resources B &
C, if I remove a user from Role 2 will he continue to have Resource B?

2 - I am trying to implement the concept of a blacklist on a role
(80/20 rule, right?). For example, all employees get a mail account.
But a few employees for one reason or another need to be excluded from
getting a mail account. So my idea is to create a "mail blacklist" role
that has a SOD constraint with the "Mail" role. Then if a user is added
to the mail blacklist role they would be removed from the mail role. Is
that the right approach? Would it work if the Mail role is assigned
through role hierarchy (employee role contains mail role, user object
is not in the role), and the Mail blacklist role is assigned to a
specific user object?


