Role learning after full system learning

Submit your RBAC policies or suggest policy improvements

Role learning after full system learning

Postby jattila40 » Sat May 28, 2011 5:42 pm

I have done a full system policy learn, but i need further refinement for a particular role. Setting the l flag for this role in the newly generated policy file, i get the folowing error message when checking with gradm -C :

"Subjects are not allowed for a role with learning enabled, as they are generated by the learning mode"

How can i teach this role without deleting the already learnt subjects?
jattila40
 
Posts: 7
Joined: Sat May 28, 2011 5:04 pm

Re: Role learning after full system learning

Postby spender » Mon May 30, 2011 9:19 pm

This isn't currently supported. If you don't want to do full learning on that single role, your only other option is to enable per-subject learning.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to RBAC policy development