[ http://jira.andromda.org/browse/BPM-253?page=comments#action_12076 ] Wouter Zoons commented on BPM-253: ----------------------------------
use a dependency instead of an association: docs need update > CRUD security not respecting Actor <--> <<Manageable>> associations > ------------------------------------------------------------------- > > Key: BPM-253 > URL: http://jira.andromda.org/browse/BPM-253 > Project: Bpm4Struts Cartridge > Type: Bug > Components: CRUD > Versions: 3.1-RC1 > Environment: Linux (Ubuntu) JDK 1.5/1.4 MagicDraw 9.5 sp1 > Reporter: Tim Dysinger > Assignee: Wouter Zoons > Priority: Critical > Attachments: AndromdaQAModel.xmi > > Doesn't matter who is logged into the application when security is enabled. > Anyone can create/delete <<Manageable>> entities. This is a show stopper for > my application as I can't deploy it until it's fixed. We don't want regular > users creating or deleting sensitive <<Entity>> instances. ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
