users@glassfish.java.net

Re: Dynamic role handling

From: Miroslav Nachev <miro_at_space-comm.com>
Date: Tue, 15 May 2007 18:12:18 +0300

Hi,

I am not sure that I understand your suggestion. If I am logged in as some
user who has fixed groups, how will these groups be changed when I
am on different objects?
Imagine that the application looks like Windows Explorer, where the
left side is a tree and the right side is a table. You select an
object, cinema "Metropolitan", which extends Company, where you are the
boss. So, in this case you must have the "cinema-manager" group and
rights. Then you select another cinema, "Multiplex", where you are just a
user. In this case you must have the "cinema-user" group and rights. Both
cinemas are children of the parent Cinema, which extends Company for example.
The same applies to other types of objects like museums, warehouses, etc.
How will this be realized with your suggestion?


Regards,
Miro.

Bobby Bissett - Javasoft wrote:
>> I need to have a dynamic set of groups and roles for each user, depending
>> on the selected (current) object. This is similar to the real world, where
>> one person has different permissions (groups and roles) depending on where
>> he is: own company, shop, cinema, partner company, home, etc.
> [...]
>> Any suggestions?
>
> This is just my opinion, but I don't see the need for dynamic groups
> and roles to take care of this. As an example, imagine you're using
> the same server for the sites of 'cinema' and 'museum' and both apps
> divide resource access into 'user' and 'manager' roles (which
> represent permissions really, and not actual entities such as users).
>
> In the server, I would create groups cinema-user, cinema-manager,
> museum-user, and museum-manager. Thus, if you own the museum, you
> would be in the museum-manager and possibly cinema-user groups (and
> the museum-user group as well, depending on how you want to architect
> things).
>
> Then you can simply map 'museum-manager' group to 'manager' role for
> the museum app, 'cinema-manager' group to 'manager' for the cinema
> app, etc., and there would be no need for dynamically switching
> groups. While there may be good use cases for being able to
> dynamically switch things around, I prefer simplicity when it comes to
> security in an application.
>
> Cheers,
> Bobby
>
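
The static group-to-role mapping described in the quoted reply, applied to the two-cinema case from the follow-up question, modelled as an added example. It is not part of either post and not GlassFish code; the class, method and map names are hypothetical, and the sample users are constructed.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Added illustration, not GlassFish code: models the static group-to-role
// mapping from the quoted reply. All class and method names are hypothetical.
public class StaticRoleMappingDemo {

    // Per-application mapping of server group -> application role, as in the
    // reply: 'museum-manager' -> 'manager' for the museum app, and so on.
    static final Map<String, Map<String, String>> APP_ROLE_MAPPING = Map.of(
        "cinema", Map.of("cinema-manager", "manager", "cinema-user", "user"),
        "museum", Map.of("museum-manager", "manager", "museum-user", "user"));

    // Roles a caller holds in one application, derived only from the fixed
    // groups assigned at login. selectedObject is deliberately unused: a
    // static mapping has no input that depends on the current object.
    static Set<String> rolesFor(Set<String> groups, String app, String selectedObject) {
        Map<String, String> mapping = APP_ROLE_MAPPING.getOrDefault(app, Map.of());
        Set<String> roles = new TreeSet<>();
        for (String group : groups) {
            String role = mapping.get(group);
            if (role != null) {
                roles.add(role);
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed user from the reply: owns the museum, uses the cinema app.
        Set<String> owner = Set.of("museum-manager", "cinema-user");
        System.out.println("museum app: " + rolesFor(owner, "museum", null));
        System.out.println("cinema app: " + rolesFor(owner, "cinema", null));

        // Constructed user from the follow-up question: boss of one cinema,
        // ordinary user of another, both inside the same cinema application.
        Set<String> boss = Set.of("cinema-manager");
        System.out.println("Metropolitan: " + rolesFor(boss, "cinema", "Metropolitan"));
        System.out.println("Multiplex:    " + rolesFor(boss, "cinema", "Multiplex"));
    }
}
```

Because the mapping takes only the login-time groups and the application as input, both cinemas resolve to the same role set for the second user.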