I have testet MIRStrategy, which works with all rules except "require login":
use BASE_STRATEGY as fallback
added permission "addurn" to rights section