. . "If no specific permissions are identified by resources, determine whether roles other than the owning role can access the resource, based on its permissions." . .