On Tue, Jan 3, 2017 at 5:02 PM, Abimaran Kugathasan <[email protected]> wrote:
> Will there be a scenario where a user belongs to two or more groups and > end up with different permissions? Will API Manager combine all these > permissions? IMO, there won't be a problem. Let's get a scenario, The user is in two groups. Group A - has delete permission Group B has update permission. When it comes to deleting operation, Since we know the group ids that user belongs to we will do the validation whether that user group has delete permission then we will allow him to delete the API In the same way, we can handle update operation also. -- Roshan Wijesena. Senior Software Engineer-WSO2 Inc. Mobile: *+94719154640* Email: [email protected] *WSO2, Inc. :** wso2.com <http://wso2.com/>* lean.enterprise.middleware.
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
