18 Aug
2010
18 Aug
'10
11:23 p.m.
On 19/08/2010, at 1:00 PM, Randy Bush wrote:
something which can take a couple of hundred basic and extended ACLs and tell you these <ten> don't work these <twenty> conflict the remaining <x> have a sequence and can reduce to this basic <x-y> set
maybe you could go the other direction. as opposed to trying to digest and correct cruft, generate the acls from something reasonable so that they are canonic by construction.
randy
A reasonable call. Its probably where we'll be by default, because there isn't anything there and I think first principles upward is better than paring back. Thanks for the responses (and Roland!) I think its clear a tool like I asked doesn't exist, and very probably won't, anytime soon. cheers -G