Description

We recently discussed the need to have some attribute on a policy akin to !important in CSS that indicates that the policy trumps the typical logical-OR pattern and MUST be passed, even if other policies that would apply to the operation also would pass.

For example, we might have an student role with a policy that does NOT give transact op access to a class like ResultGrade. If a user was both a student and an admin and if admin had a policy that DID give transact op access to ResultGrade, we might not want the admin role to trump the student role with regard to transacting to ResultGrade. Use of this !important attribute (whatever it may look like) on the student role policy applying to ResultGrade would mean that this policy HAD to pass (logical-AND).