Hi all,

We thought of giving read permission implicitly to everyone who has update permission, because users can't update without reading. So update permission alone doesn't make much sense.

The question is, does it make sense to give all permissions (Read/Update/Delete) implicitly to the ones who have delete permission too?

Thanks,
Bhathiya

On Tue, Jan 3, 2017 at 5:28 PM, Roshan Wijesena <[email protected]> wrote:

>
> On Tue, Jan 3, 2017 at 5:02 PM, Abimaran Kugathasan <[email protected]> wrote:
>
>> Will there be a scenario where a user belongs to two or more groups and
>> ends up with different permissions? Will API Manager combine all these
>> permissions?
>
> IMO, there won't be a problem. Let's take a scenario:
>
> The user is in two groups. Group A has delete permission. Group B has
> update permission.
>
> When it comes to the delete operation, since we know the group IDs that the user
> belongs to, we will validate whether that user group has delete
> permission, and then we will allow him to delete the API.
> In the same way, we can handle the update operation also.
>
> --
> Roshan Wijesena.
> Senior Software Engineer-WSO2 Inc.
> Mobile: +94719154640
> Email: [email protected]
> WSO2, Inc.: wso2.com <http://wso2.com/>
> lean.enterprise.middleware.
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>

--
Bhathiya Jayasekara
Senior Software Engineer,
WSO2 inc., http://wso2.com
Phone: +94715478185
LinkedIn: http://www.linkedin.com/in/bhathiyaj
Twitter: https://twitter.com/bhathiyax
Blog: http://movingaheadblog.blogspot.com
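The group-union check and the implicit-permission question discussed in this thread, as an added example that is not from the thread or from WSO2 API Manager code. The group names, the ACL layout and the function names are hypothetical; the two policies compare "update implies read" with "delete implies everything".

```python
# Added illustration; not WSO2 API Manager code. All names are hypothetical.
READ, UPDATE, DELETE = "read", "update", "delete"

# Policy 1: only the implication the thread has settled on.
UPDATE_IMPLIES_READ = {UPDATE: {READ}}
# Policy 2: the open question, delete implicitly grants everything.
DELETE_IMPLIES_ALL = {UPDATE: {READ}, DELETE: {READ, UPDATE}}


def expand(granted, implies):
    """Close a permission set under the implication rules (fixpoint)."""
    effective = set(granted)
    pending = list(effective)
    while pending:
        for extra in implies.get(pending.pop(), ()):
            if extra not in effective:
                effective.add(extra)
                pending.append(extra)
    return effective


def effective_permissions(user_groups, api_acl, implies):
    """Union the grants of every group the user is in, then expand them."""
    granted = set()
    for group in user_groups:
        granted |= api_acl.get(group, set())  # unknown group grants nothing
    return expand(granted, implies)


def is_allowed(user_groups, api_acl, operation, implies):
    """Default deny: allowed only if the operation is in the effective set."""
    return operation in effective_permissions(user_groups, api_acl, implies)


# Constructed ACL for one API: the two-group scenario from the thread.
API_ACL = {"group_a": {DELETE}, "group_b": {UPDATE}}

if __name__ == "__main__":
    for name, policy in [("update->read", UPDATE_IMPLIES_READ),
                         ("delete->all", DELETE_IMPLIES_ALL)]:
        for groups in (["group_a", "group_b"], ["group_a"], ["group_c"]):
            perms = sorted(effective_permissions(groups, API_ACL, policy))
            print(f"{name:13} {groups}: {perms}")
```

Under the first policy a user who is only in `group_a` can delete an API they cannot read; under the second, a delete grant also confers update, which widens what a delete-only group can do.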
