[jboss-jira] [JBoss JIRA] Updated: (JBRULES-428) Access Control List - each node to be protected
Mark Proctor (JIRA)
jira-events at lists.jboss.org
Fri Apr 25 21:19:12 EDT 2008
[ http://jira.jboss.com/jira/browse/JBRULES-428?page=all ]
Mark Proctor updated JBRULES-428:
---------------------------------
Assignee: Michael Neale (was: Fernando Meyer)
> Access Control List - each node to be protected
> ------------------------------------------------
>
> Key: JBRULES-428
> URL: http://jira.jboss.com/jira/browse/JBRULES-428
> Project: JBoss Drools
> Issue Type: Sub-task
> Security Level: Public(Everyone can see)
> Components: drools-brms
> Reporter: Michael Neale
> Assigned To: Michael Neale
>
> Rule nodes (at least) need to have an ACL: what groups can access it in what capacity. First need to have a structure for ACLs to be stored.
> They should be tied to user groups/roles, not individual logins.
> JAAS should provide the user name and the users context (group membership) I believe.
> When there is an ACL, it must be checked to see if the user (via their group membership) can do one of the following:
> Edit, change status, view, delete.
> If they can't view, ideally it will not be shown in any "lists", but if that is not feasable, it would be acceptable to list it, but not show the contents.
> Will need to be able to set permission from within an admin facility of the application.
> see http://wiki.jboss.org/wiki/Wiki.jsp?page=RulesRepositoryRoleAuthorization for more details
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list