Conflicting Data Rules

If a user has two different Data Rule buckets that directly conflict which one applies? E.g. they have both:

<model name="user" read="any" write="create,update" />
<model name="user" read="any" write="none" />

Does the more permissive bucket apply? Or the less permissive one? Or does this lead to errors? I couldn’t find any documentation indicating how it should behave.

1 Like

Excellent question.

Data Rules can only add access, not remove access. So if any rule gives a user access, the user has access.

In other words, the more permissive rule will apply.

The other way to think about it is that once you implement Data Rules users have no read or write access to data, apart from those explicitly given them in the Data Rules file.

1 Like