Zied Fakhfakh <[email protected]> wrote: > I mean, we want to apply these limits/restrictions on a group of users, not > all of them.
In that case, define a group containing a list of those it's to apply to (or not apply to). Eg, if you are filtering based on SASL username, then you might have members in the form "[email protected]" (the "$" is important). Then in your policies, you include/exclude members of that group - using "%groupname" or "!%groupname". So a policy matching SASL authenticated users who aren't in the filtered group could have members of "!%groupname,$*" - meaning "not a member of group "groupname" and "SASL user '*'". For a policy that only applies to members of the group then all it needs is "%groupname" since if members of the group are all SASL usernames, that automatically implies any matches must also be SASL authenticated users. You'll need to read the docs a bit - I never got fully conversant with it all and it's some time since I set mine up ! One tip I would suggest is to try and make all your policies have mutually exclusive matching criteria. While the inheritance stuff is great in theory, in practice I find it's tricky to get to work as you'd expect - so it's simplest to avoid it. _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
