let’s say I have 2 roles:



and task:


I want give access to mayPublishArticleInGroup only for members who have BOTH articleAuthor and groupMember roles. Is it possible to model it with use of RBAC.

In this situation I usally create a third role that is child of articeAuthor and groupMember

This third role will not work. checkAccess will allow action when user is articleAuthor OR groupMember.

What I want is to change OR to AND in this condition.