Privilege Conflict


Privilege Conflict or (Permission Conflicts) appear when two or more Access Control rules result in the conflicting decisions of permitting entities Access Requests by either direct or indirect (inherit) access assignments.

In addition, when multiple Access Control Policies are evoked for permission, conflicting decisions between policies may occur.

Privilege Conflict are common issues unless proper delimitation of Privileges and Permissions are defined.

Privilege Conflict often arise when such methods of "nested" Permissions are involved. If Group "A" is permitted to access file "One" and Group "B" is denied access to file "One", then does a member of both group "A" and group "B" have Authorization to file "One"?

What is important is that these permissions are correlated and the resulting correlation is definitive. Further this correlation must be understood by all those who would perform Access Control for the groups.

Separation of Duty is a concept used to implicitly avoid Privilege Conflict.

More Information#

There might be more information for this subject on one of the following: