I'm looking at RBAC. What's the default effect for an action with no explicit `allow`/`deny` ? i.e. if I create a user and don't grant it any

fs:*

(neither allow nor deny), is that the same as granting

deny

? Put another way, if I only want to allow certain actions, do I need to

deny

the others, or can I simply

allow

the ones that I want?

If no permissions exist than the action will be blocked, so basically it’s like

deny

Also

deny

is stronger than

allow

so If you provide

fs:*

allow

with

fs:Write*

deny

to a user, it will be able to do all

fs

commands except write commands.

thanks !