Re: Forcing authorization access-reject depending on attribute