Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
If the policy-deltas are enabled, then when two policies have a common subset of resources and are defined on same user (or subset of users, through groups or direct users), if one of these policies is modified (on anything: name, resource, user), it is the only one in effect during access evaluation. Until a restart of the underlying service.
The underlying cause is a ResourceTrie node referring to modified policy-evaluator is removed even when it contains wildcard-evaluator(s).