On 01/25/2011 08:41 AM, Heiko Braun wrote:
a) One for the client server communication (which operation can a
'role' invoke?)
b) another one discriminating which parts of the UI the user actually gets to see.
We do need to be careful that the console itself doesn't attempt to
perform it's own restrictions with it's own authorization checking as
this can become quite easy for administrators to become dependent on and
not realise that their users can bypass this and call the APIs directly.
Also based on past experience I think we want to be able to document the
security once and for it to then apply equally to all management APIs.
From the perspective of the console I think this should be considered
more from the point of preventing users wasting their time performing
operations in the console that will subsequently fail when applied.
I am going to go through the example Brian has now committed to take a
better look at these potential calls but I am wondering if it would make
sense to have some form of "What can I do here?" or "What operations am
I allowed to call?" calls for the console to be able to discover this?
Another aspect to consider is that values in the model can be described
as "read only" and "read write" - would it make sense for this to also
reflect what the user can actually do or maybe even add a "read write -
but not for you".
Regards,
Darran Lofthouse.