...
An issue is depending on the directed graph assignments if the overall result of a permission query is an allow or deny.
...
Screen movie of setting this up
Here is the GSH which sets this up
...
If the application supports users acting as a certain role instead of flattening all permissions into one permissions set (i.e. ability to elevate permissions), then as a User, jsmith cannot Read Arts and Sciences, but as an Admin, jsmith can Read Arts and Sciences
Screen movie of setting this up and analyzing result
GSH commands:
| Code Block |
|---|
adminRole.getPermissionRoleDelegate().assignRolePermission("read", artsAndSciences, PermissionAllowed.ALLOWED);
user.getPermissionRoleDelegate().assignRolePermission("read", artsAndSciences, PermissionAllowed.DISALLOWED);
adminRole.addMember(subj0, false);
user.addMember(subj0, false);
PermissionFinder.hasPermission(subj0, english, "read");
PermissionFinder.hasPermission(subj0, adminRole, english, "read");
PermissionFinder.hasPermission(subj0, user, english, "read");
|
...