...

• Collection-based policies based on the XACML hierarchical resource profile will require that relationships are specified from the child object to the parent (eg isMember relationships in the child object)
• Only simple datastream and object properties can be exposed as XACML resource attributes; the properties must be defined as relationships in the containing object

Disabling FeSL Authorization

If you encounter problems, such as creating a set of policies which lock out administrative access to the repository and thus prevent further changes to policies, you can disable FeSL AuthZ completely.

1. Locate the file $FEDORA_HOME/server/config/spring/web/security.xml.
2. For each of the <security:filter-chain>> elements, remove the value PEPFilter (and the preceeding comma) from the filters attribute.