...
- Collection-based policies based on the XACML hierarchical resource profile will require that relationships are specified from the child object to the parent (eg isMember relationships in the child object)
- Only simple datastream and object properties can be exposed as XACML resource attributes; the properties must be defined as relationships in the containing object
Disabling FeSL Authorization
If you encounter problems, such as creating a set of policies which lock out administrative access to the repository and thus prevent further changes to policies, you can disable FeSL AuthZ completely.
- Locate the file
$FEDORA_HOME/server/config/spring/web/security.xml
. - For each of the
<security:filter-chain>>
elements, remove the valuePEPFilter
(and the preceeding comma) from thefilters
attribute.