...
One issue is that whether the overall result of a permission query is an allow or a deny depends on the directed graph assignments.
...
Screen movie of setting this up
Here is the GSH which sets this up
...
If the application supports users acting as a certain role instead of flattening all permissions into one permission set (i.e. the ability to elevate permissions), then as a User, jsmith cannot Read Arts and Sciences, but as an Admin, jsmith can Read Arts and Sciences.
Screen movie of setting this up and analyzing result
GSH commands:
```
// Assign "read" on artsAndSciences: allowed for adminRole, disallowed for user
adminRole.getPermissionRoleDelegate().assignRolePermission("read", artsAndSciences, PermissionAllowed.ALLOWED);
user.getPermissionRoleDelegate().assignRolePermission("read", artsAndSciences, PermissionAllowed.DISALLOWED);
// Make subj0 a member of both roles
adminRole.addMember(subj0, false);
user.addMember(subj0, false);
// Query "read" on english without specifying a role
PermissionFinder.hasPermission(subj0, english, "read");
// Query "read" on english while acting as adminRole, then as user
PermissionFinder.hasPermission(subj0, adminRole, english, "read");
PermissionFinder.hasPermission(subj0, user, english, "read");
```
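The following Python sketch is an added example, not Grouper code and not Grouper's resolution algorithm. It models why a role-scoped query gives one answer while a query across all of the subject's roles can surface both an allow and a deny. It assumes that `english` sits under `artsAndSciences` in the resource hierarchy and that the nearest assignment on the path wins; all function names are hypothetical.

```python
# Simplified model of role-scoped permission checks (not Grouper's algorithm).
ALLOW, DENY = "ALLOWED", "DISALLOWED"

# Constructed resource hierarchy: child -> parent (assumption: english is under artsAndSciences).
PARENT = {"english": "artsAndSciences", "artsAndSciences": None}

# Constructed assignments mirroring the GSH commands: (role, action, resource) -> decision.
ASSIGNMENTS = {
    ("adminRole", "read", "artsAndSciences"): ALLOW,
    ("user", "read", "artsAndSciences"): DENY,
}

# Constructed role memberships: subj0 is a member of both roles.
MEMBERS = {"adminRole": {"subj0"}, "user": {"subj0"}}


def decision_for_role(role, action, resource):
    """Walk up the resource hierarchy; the nearest assignment for this role wins (assumption)."""
    node = resource
    while node is not None:
        found = ASSIGNMENTS.get((role, action, node))
        if found is not None:
            return found
        node = PARENT.get(node)
    return None  # no assignment anywhere on the path


def decisions(subject, action, resource, acting_as=None):
    """Return {role: decision} for the roles consulted by the query.

    With acting_as set, only that role is consulted. Without it, every role
    the subject holds is consulted, which can surface conflicting answers.
    """
    roles = [acting_as] if acting_as else sorted(r for r, m in MEMBERS.items() if subject in m)
    out = {}
    for role in roles:
        if subject not in MEMBERS.get(role, set()):
            continue  # acting as a role the subject does not hold yields nothing
        d = decision_for_role(role, action, resource)
        if d is not None:
            out[role] = d
    return out


def has_conflict(subject, action, resource):
    """True when the view across all roles contains both an allow and a deny."""
    return len(set(decisions(subject, action, resource).values())) > 1
```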
...