(Requested department and Requested site are only rights if one or more are defined.)
To determine if a user should be able to access a specific application, VSys verifies that:
The user has rights to the application based on one or more of its type, Requested department, Requested site, or Site submitted. This follows the usual rules of checking the user's explicit rights, rights from roles and then default user rights. A match on any of these is sufficient, the user doesn't have rights based on all of these attributes.
The user has not had his rights revoked ("No access") based on any of the above. If the user has been given "No access" based on any of these values for an application, he cannot access the application at all.
In the example above:
The user is allowed to access "2008 Winter v3", "Application #4", "Application #5" and "Application #6", plus any application of any type where the Requested department is "Department A" or the Requested site is "Site 2".
But any application of any type where Requested site is "Site 1" is denied regardless of the type of application or the Requested department.
The idea with this rights mechanism is to make it easy to allow site or department supervisors to access applications where their site/department is requested by the volunteer in an online application without having to define an application for each site and/or department.