From: <fc...@us...> - 2008-02-25 17:45:34
Revision: 701 http://openutils.svn.sourceforge.net/openutils/?rev=701&view=rev Author: fcarone Date: 2008-02-25 09:45:22 -0800 (Mon, 25 Feb 2008) Log Message: ----------- Minor changes to documentation Modified Paths: -------------- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt Modified: trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt =================================================================== --- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt 2008-02-25 17:38:38 UTC (rev 700) +++ trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt 2008-02-25 17:45:22 UTC (rev 701) @@ -8,11 +8,11 @@ This project proposes a Role Based approach to security, trying to be as hidden as possible to application developers. - A common test case is when you have different users who can access the same group of domain business objects and a + A common test case is when you have different users who can access the same set of domain business objects and a policy to enforce access security is needed. For exaple, given a DummyDataObject with two properties, intValue and stringValue, you want UserA to access the DummyDataObject when intValue is 1 and UserB when intValue is 2. - In a typical RBAC environment, the user (or entity who does something) is called subject and a subject is tied to + Using the RBAC grammar, the user (or entity who does something) is called subject and a subject is tied to many roles. Within openutils, 1 user is contained in N groups and a group can have M roles, so you relate users to roles through groups. For our example let's map UserA to Role1 and UserB to Role2 (through 2 different groups, GroupA and GroupB, but groups are not important now). 
@@ -31,7 +31,7 @@ SecurityRule 2: Role2 - DummyDataObject - intValue - 2 - EQUALS - LOAD - With the given scheme, users with roles Role1 and Role2 can access in readonly mode the DummyDataObject instances with + With the given scheme, users with roles Role1 and Role2 can access in read-only mode the DummyDataObject instances with respectively intValue equals to 1 and 2. If you want to make Role2 access the DummyDataObjects in read-write mode, the SecurityRule 2 becomes: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
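Review bot: In the first hunk (@@ -8,11 +8,11 @@), the new wording "Using the RBAC grammar, the user (or entity who does something) is called subject" replaces one awkward phrase with another: "grammar" implies a formal syntax, while the sentence only introduces vocabulary. Suggest "In RBAC terminology, the user (or the entity that does something) is called a subject". The other changed line still opens with "A common test case", which reads as if "use case" was meant, and the unchanged context line still contains the typo "For exaple"; as this revision is documentation-only, both could be fixed in the same commit.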
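Review bot: In the second hunk (@@ -31,7 +31,7 @@), the changed line says Role1 and Role2 get access "in read-only mode" but never ties that to the LOAD value shown in the SecurityRule 2 context line above it, so the reader has to infer which rule field expresses read-only access. Suggest naming it in the sentence, for example "can load (read-only access) the DummyDataObject instances". The following context line, "respectively intValue equals to 1 and 2", is also still ungrammatical; "with intValue equal to 1 and 2 respectively" would read correctly.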