[jboss-jira] [JBoss JIRA] Closed: (JBRULES-428) Access Control List - each node to be protected
Michael Neale (JIRA)
jira-events at lists.jboss.org
Wed Oct 8 00:38:21 EDT 2008
[ https://jira.jboss.org/jira/browse/JBRULES-428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Neale closed JBRULES-428.
---------------------------------
Fix Version/s: 5.0.0.M3
Resolution: Done
> Access Control List - each node to be protected
> ------------------------------------------------
>
> Key: JBRULES-428
> URL: https://jira.jboss.org/jira/browse/JBRULES-428
> Project: JBoss Drools
> Issue Type: Sub-task
> Security Level: Public(Everyone can see)
> Components: drools-guvnor
> Reporter: Michael Neale
> Assignee: Michael Neale
> Fix For: 5.0.0.M3
>
>
> Rule nodes (at least) need to have an ACL: what groups can access it in what capacity. First need to have a structure for ACLs to be stored.
> They should be tied to user groups/roles, not individual logins.
> JAAS should provide the user name and the users context (group membership) I believe.
> When there is an ACL, it must be checked to see if the user (via their group membership) can do one of the following:
> Edit, change status, view, delete.
> If they can't view, ideally it will not be shown in any "lists", but if that is not feasable, it would be acceptable to list it, but not show the contents.
> Will need to be able to set permission from within an admin facility of the application.
> see http://wiki.jboss.org/wiki/Wiki.jsp?page=RulesRepositoryRoleAuthorization for more details
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list