Jresearch Software Blog

Designing a Security Model

Feb 02, 2009 by Ekaterina Gorshkova

Let's consider a simple example. A client of a bank can request a loan, and a manager of that bank can approve loans. We can protect the Loan object from unauthorized access by restricting access to its Request and Approve operations. Each of these operations is connected to permissions, and those permissions limit who may perform it.


 


The client and the manager of the bank are called role templates in Flexess (I will explain later why we call them role templates and not roles). Role templates aggregate permissions. In the picture above, a Manager is allowed to perform the Approve operation because they have the ApprovePermission, which is connected to the Approve operation. A Client is not allowed to perform the Approve operation because they have no permission that is connected to it.

Protected objects, operations, permissions and role templates are the basic concepts of Flexess. In the next post I will discuss how to restrict access based on object attributes.
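The loan model described above, as an added Python sketch; it is not Flexess code and does not use the Flexess API. All class and function names are illustrative, and `RequestPermission` and the exact permission sets of Client and Manager are assumptions, since the post names only `ApprovePermission`.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Operation:
    protected_object: str   # e.g. "Loan"
    name: str               # e.g. "Approve"

@dataclass(frozen=True)
class Permission:
    name: str
    operations: frozenset   # operations this permission is connected to

@dataclass(frozen=True)
class RoleTemplate:
    name: str
    permissions: frozenset  # permissions aggregated by this role template

def granting_permission(role_template, operation):
    """Return the name of the permission linking the role template to the operation, or None."""
    for perm in sorted(role_template.permissions, key=lambda p: p.name):
        if operation in perm.operations:
            return perm.name
    return None

def is_allowed(role_template, operation):
    # Deny by default: access exists only through an explicit permission link.
    return granting_permission(role_template, operation) is not None

def unreachable_operations(role_templates, operations):
    """Operations that no role template can perform, i.e. a gap in the model."""
    return [op for op in operations
            if not any(is_allowed(rt, op) for rt in role_templates)]

# The model from the post. RequestPermission and the permission sets are assumptions.
REQUEST = Operation("Loan", "Request")
APPROVE = Operation("Loan", "Approve")
REQUEST_PERMISSION = Permission("RequestPermission", frozenset({REQUEST}))
APPROVE_PERMISSION = Permission("ApprovePermission", frozenset({APPROVE}))
CLIENT = RoleTemplate("Client", frozenset({REQUEST_PERMISSION}))
MANAGER = RoleTemplate("Manager", frozenset({APPROVE_PERMISSION}))

if __name__ == "__main__":
    for rt in (CLIENT, MANAGER):
        for op in (REQUEST, APPROVE):
            via = granting_permission(rt, op)
            print(f"{rt.name:8} {op.protected_object}.{op.name:8} "
                  f"{'allowed via ' + via if via else 'denied'}")
```

An operation that has no permission connected to it is denied for every role template, and `unreachable_operations` reports it so the gap shows up when the model is reviewed.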



© 2008-2009 Jresearch Software s.r.o.