Inheritance principle: access rights configured for a given path are inherited by all its children paths. There are the following substitution rules:Access rights for a given path override access rights configured for its parent paths.Access rights substitution is performed on a per-user basis.
4.1继承规则:子模块权限覆盖父模块,上面的例子就是这样,父模块分配的所以权限是只读,子模块各自分配读/写。
Priority principle: the rule with the most wide access level will be chosen if there are several access rules configured for a given path and applicable to a given user.
4.2优先级规则:对一个模块一个用户设置不同权限,取权限范围大的。
Deny-rules have the priority over allow-rules and might be useful to configure fine-grained access rights
4.3否认规则:否认规则(不授权)优先允许规则(授权),比如上面的root用户和user1同属一个组develop组,我直接对Project文件夹授权develop组读/写权限。但是我又不想user1读写,那就给user1一个deny就行了。