Greetings: I'm using the standard form of the ACL_OBJECT_IDENTITY and ACL_PERMISSION tables to manage access to various collections of objects. In a new case we have a two tiered access model, in which there are INTERNAL and EXTERNAL users. The collection of objects I'm considering in this situation has two access types: READ and WRITE. I'm having trouble specifying the access cases for the objects across the access matrix.
For illustration, given the objects: Alpha Beta Gamma Delta Presume that the hierarchy of the objects is indicated by their order (that is, Alpha being the least, Delta being the greatest). The set 'ALL' represents [Alpha, Beta, Gamma, Delta] The set 'S1' represents [Alpha, Beta, Gamma] The set 'S2' represents [Alpha, Beta] The cases here break down to: INTERAL: READ ALL, WRITE ALL EXTERNAL: READ S1, WRITE S2 I wanted to model this using our existing framework, built upon the ACL_OBJECT_IDENTITY and ACL_PERMISSION tables. I originally believed that I could simply insert rows representing the objects (as always) in the ACL_OBJECT_IDENTITY table, with parentage intact (Alpha.parent --> Beta, Beta.parent --> Gamma ... Delta.parent --> null). This worked well. Next I attempted to add rows to the ACL_PERMISSION table to reflect the four different cases for the users: Object:Delta Recipient:INTERNAL Mask:READ Object:Delta Recipient:INTERNAL Mask:WRITE Object:Gamma Recipient:EXTERNAL Mask:READ Object:Beta Recipient:EXTERNAL Mask:WRITE The problem here is that the unique key on the ACL_PERMISSION table is [Object (the ACL_OBJECT_IDENTITY reference column), Recipient]. It wouldn't seem from the suggested schema for this table that you can support different collections for the same Recipient based on the Mask. Is this the case? Is it safe to extend the unique key to include Mask? Would collection filtering even work if I did? Thanks, -jason ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
