[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: hierarchical resources
Has anyone used hierarchical resources for authorization ? We have a hierarchical list of companies and users can be granted access (read, update etc.) to the parent company and he gets access to all the children companies along with the parents company that he was granted access. I am planning to do the folliowing : Step 1 : Write a custom resource finder by extending ResourceFinderModule which returns a list of companies based on the parent company. Step 2: In Request context : <Resource> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>Company-id</AttributeValue> </Attribute> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:scope" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>Descendants</AttributeValue> </Attribute> </Resource> Step 3: In Policy file : Still thinking about it.Any input welcome from how to to best practice. Does this approach look correct or there is some alternative better way ? Thanks, Dhirendra Sharma __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]