// Determine lease level based on access requirements
        // Check for delete access separately as it may require special handling
        final boolean hasDeleteAccess = (access & DELETE) != 0;
        final boolean hasWriteAccess =
                (access & (GENERIC_WRITE | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)) != 0;

            }
        } else {
            for (ai = 0; ai < aces.length; ai++) {
                aces[ai].sid.origin_server = server;
                aces[ai].sid.origin_auth = auth;
            }
        }
    }

    /**
     * Return an array of Access Control Entry (ACE) objects representing
     * the security descriptor associated with this file or directory.

	for _, b := range accInfo.Buckets {
		gotBuckets.Add(b.Name)
		if !b.Access.Read || !b.Access.Write {
			c.Fatalf("root user should have read and write access to bucket: %v", b.Name)
		}
	}
	shouldHaveBuckets := set.CreateStringSet(bucket2, bucket)
	if !gotBuckets.Equals(shouldHaveBuckets) {
		c.Fatalf("root user should have access to all buckets")
	}

	// This must fail.

			//   HTTP status code 404 ("no such key")
			//   error.
			// * if you don’t have the s3:ListBucket
			//   permission, Amazon S3 will return an HTTP
			//   status code 403 ("access denied") error.`
			if globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
				Action:          policy.ListBucketAction,
				BucketName:      bucket,
				ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials),

- **Auth**
  - [alpha] Further polishing of the Role-based access control alpha API including a default set of cluster roles. ([docs](http://kubernetes.io/docs/admin/authorization/)) ([kubernetes/features#2](https://github.com/kubernetes/enhancements/issues/2))

when the popper is created.<br />\n   * By default, it is set to no-op.<br />\n   * Access Popper.js instance with `data.instance`.\n   * @prop {onCreate}\n   */\n  onCreate: () => {},\n\n  /**\n   * Callback called when the popper is updated. This callback is not called\n   * on the initialization/creation of the popper, but only on subsequent\n   * updates.<br />\n   * By default, it is set to no-op.<br />\n   * Access Popper.js instance with `data.instance`.\n   * @prop {onUpdate}\n   */\n  onUpdate:...

  }

  private void checkLogged(Throwable t) {
    assertSame(t, popLoggedThrowable());
  }

  /*
   * TODO(cpovirk): Can we replace makeLocalCache with a call to builder.build()? Some tests may
   * need access to LocalCache APIs, but maybe we can at least make makeLocalCache use
   * builder.build() and then cast?
   */

  private static <K, V> LocalCache<K, V> makeLocalCache(

    public static final String LABELS_boost_document_rule_sort_order = "{labels.boost_document_rule_sort_order}";

    /** The key of the message: Access Token */
    public static final String LABELS_access_token_configuration = "{labels.access_token_configuration}";

    /** The key of the message: Access Token */
    public static final String LABELS_access_token_title_details = "{labels.access_token_title_details}";

- **Auth**
  - [alpha] Container Image Policy allows an access controller to determine whether a pod may be scheduled based on a policy ([docs](http://kubernetes.io/docs/admin/admission-controllers/#imagepolicywebhook)) ([kubernetes/features#59](https://github.com/kubernetes/enhancements/issues/59))

          "rules": []
        },
        "romanian_stop": {
          "type":       "stop",