[security-dev] Permission and Role

Shane Bryzak sbryzak at redhat.com
Wed Jun 4 19:29:46 EDT 2014


Hi Rahul,

They are fundamentally two very different things.  A role is typically 
used to define a set of users for which specific privileges are to be 
assigned, while a permission is used to control access to application 
resources or services.  A permission check can actually use the user's 
roles to determine whether the user has the necessary privilege to 
perform an action.  Here's a couple of pseudo-code examples to make this 
a little clearer:


1. Restricting access to a method based on the user's role:

@RolesAllowed("admin")
public void doProtectedOperation() {
    ...
}

2. Restricting access to a method to users with permission to cancel a 
specific "order":

public void cancelOrder(@HasPermission("cancel") Order order) {
    ...
}

Hope that helps!

Shane

On 06/05/2014 09:13 AM, Rahul Mahindrakar wrote:
> Hi
>
> I have not been able to have a grasp of the difference between the 
> usage of Role and permissions.
>
> Can someone guide me in this direction
>
> Thanks
> Rahul
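
The two checks from the reply above, written out in plain Java as an added example; it is not code from the original message or from any JBoss project. The User and Order types and the cancel policy (admins may cancel any order, owners only their own unshipped orders) are assumptions made for illustration.

```java
import java.util.Set;

// Added illustration: User, Order and the cancel policy are hypothetical,
// not PicketLink or Java EE API. Requires Java 16+ (records).
public class RoleVsPermission {
    record User(String name, Set<String> roles) {}
    record Order(int id, String owner, boolean shipped) {}

    // Role check: depends only on the caller, never on a resource instance.
    static boolean hasRole(User u, String role) {
        return u.roles().contains(role);
    }

    // Permission check: one action on one specific resource; roles are one input.
    static boolean hasPermission(User u, String action, Order o) {
        if (!"cancel".equals(action)) return false;         // deny unknown actions
        if (hasRole(u, "admin")) return true;                // admins: any order
        return o.owner().equals(u.name()) && !o.shipped();   // owners: unshipped only
    }

    static void doProtectedOperation(User caller) {
        if (!hasRole(caller, "admin"))
            throw new SecurityException("admin role required");
    }

    static void cancelOrder(User caller, Order order) {
        if (!hasPermission(caller, "cancel", order))
            throw new SecurityException(caller.name() + " may not cancel order " + order.id());
    }

    static String attempt(Runnable call) {
        try { call.run(); return "allowed"; }
        catch (SecurityException e) { return "denied: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        User alice = new User("alice", Set.of("customer"));
        User root = new User("root", Set.of("admin"));
        Order open = new Order(1, "alice", false);
        Order shipped = new Order(2, "alice", true);
        Order bobs = new Order(3, "bob", false);

        System.out.println("alice, protected op: " + attempt(() -> doProtectedOperation(alice)));
        System.out.println("alice, own open order: " + attempt(() -> cancelOrder(alice, open)));
        System.out.println("alice, own shipped order: " + attempt(() -> cancelOrder(alice, shipped)));
        System.out.println("alice, bob's order: " + attempt(() -> cancelOrder(alice, bobs)));
        System.out.println("root, bob's order: " + attempt(() -> cancelOrder(root, bobs)));
    }
}
```

The same user gets different answers for different orders, which a role check alone cannot express, and any action other than "cancel" is denied by default.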