Hi Pedro, You're right about the revokePermission() that takes an operation, I just wasn't sure why it didn't also take an identifier. But then I remembered that PicketLink supports class-level permissions in addition to instance-level permissions, so that makes more sense now.
This issue is really about the case where I want to grant/revoke for a particular instance. So far, I only have one situation where I need to do this. I don't have the instance available but it's cheap to create it. However, in the future I may have cases where the instance is not available and it's expensive to get. So it would be handy to be able to grant/revoke by class + ID of the instance, to avoid the expense of getting the instance itself.
|