xacml-users message



Subject: hierarchical resources


Has anyone used hierarchical resources for authorization?
We have a hierarchical list of companies, and a user can be granted
access (read, update, etc.) to a parent company; he then gets access
to all the child companies along with the parent company that he was
granted access to.


I am planning to do the following:

Step 1: Write a custom resource finder by extending
ResourceFinderModule, which returns a list of companies based on
the parent company.

Step 2: In Request context:

<Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>Company-id</AttributeValue>
    </Attribute>

    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:scope"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>Descendants</AttributeValue>
    </Attribute>
</Resource>


Step 3: In Policy file:
	Still thinking about it. Any input welcome, from how-to to
best practice.


Does this approach look correct, or is there some better
alternative way?

Thanks,
Dhirendra Sharma
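
Added example, not part of the original message and not Sun's XACML API: a Python sketch of the expansion the custom resource finder in Step 1 would perform for the Descendants scope in Step 2, followed by one decision per expanded company. The company ids, grants and function names are constructed for illustration, and it assumes a grant on a company covers that company and everything below it, as the message describes.

```python
from collections import deque

# Constructed sample data: child -> parent links and grants made on a company.
PARENT = {"acme-emea": "acme", "acme-us": "acme",
          "acme-de": "acme-emea", "acme-fr": "acme-emea"}
GRANTS = {("alice", "acme-emea", "read"), ("bob", "acme", "update")}


def find_descendants(root, parent_of):
    """Company ids covered by scope=Descendants: root plus everything below it.

    An unknown root yields an empty set so the caller can fail closed, and
    the seen set keeps a corrupt (cyclic) company table from looping forever.
    """
    if root not in set(parent_of) | set(parent_of.values()):
        return set()
    children = {}
    for child, parent in parent_of.items():
        children.setdefault(parent, []).append(child)
    seen, queue = {root}, deque([root])
    while queue:
        for child in children.get(queue.popleft(), []):
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen


def decide(user, action, root, parent_of=PARENT, grants=GRANTS):
    """Return one decision per expanded company.

    Permit when the user holds the action on that company or on one of its
    ancestors; Deny otherwise. The hop limit bounds the ancestor walk even
    if the parent links contain a cycle.
    """
    results = {}
    for company in sorted(find_descendants(root, parent_of)):
        node, hops, decision = company, 0, "Deny"
        while node is not None and hops <= len(parent_of):
            if (user, node, action) in grants:
                decision = "Permit"
                break
            node, hops = parent_of.get(node), hops + 1
        results[company] = decision
    return results
```

A request on "acme" by a user whose grant sits on "acme-emea" expands to every company under "acme" but is permitted only for the "acme-emea" subtree, so the expansion and the decision have to be kept separate.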


