28/10/2008
Role Based Access Control
16
WE::U::P File Examples / 2
lThe members of the group "news" are allowed to do the following operations in all objects below "/News/":"edit", "change-folder", "new-doc", "rm-doc", "release" and "publish".A regular expression match is used here (there is no "! match" directive).
l
l! match: regexp
l  group news
l    page /News/.*
l process edit change-folder new-doc rm-doc release publish
lAt end of file this rule denies anything not already permitted,similarly to Apache "DENY from all" directive or /etc/hosts.deny "ALL: ALL"
l! match: glob
l group *
l process !*