Special Circumstances

There are some special circumstances under which the request, although it is not exactly matched in the acl.conf file, will be denied without reference to either the permissions cache or the Permissions Module. Any request will be denied if, in the acl.conf

  • The username exists but is not associated with any destinations.
  • The username exists and is associated with destinations, but not with the specific destination in the request.
  • The username is part of a group, but the group is not associated with any destinations.
  • The username is part of a group and the group is associated with destinations, but not with the specific destination in the request.

In general entries in the acl.conf file supersede entries in the Permissions Module, allowing you to optimize permission checks in well-defined static cases. When the acl.conf does not mention the user, the Permissions Module is fully responsible for permissions.