Jresearch Software Blog

The Algorithm of Evaluation

Apr 16, 2009 by Ekaterina Gorshkova

All the roles in the previous postings have only one permission, however a user is allowed to have several roles, and each role is allowed to have several permissions. So how is access granting evaluated? Currently the following rules apply in Flexess:



  • If a permission has no constraint, it evaluates to true. If the permission has a constraint, then the result is the evaluation of the constraint.

  • If at least one permission from the role evaluates to false, then role evaluates to false.

  • If a least one role evaluates to true, then access is granted.


The following figure depicts the algorithm of evaluation:


 


In future releases we plan to have the algorithm of permission evaluation completely configurable.

« Zelix obfuscation... | Main | The Flexess Developm... »


Post a Comment:
Comments are closed for this entry.
 
corner-header-left-top corner-header-right-top

« March 2010
SunMonTueWedThuFriSat
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
   
       
Today

Links

Feeds

Navigation

 
corner-header-left-top corner-header-right-top
© 2008-2009 Jresearch Software s.r.o.