Hi Roshan, In the UI point of view, API Manager has to enable links/buttons for update/delete APIs, etc, in this case, if we don't combine these permissions, we need two/more queries for enabling the inputs from the user for editing/deleting.
On Tue, Jan 3, 2017 at 5:28 PM, Roshan Wijesena <[email protected]> wrote: > > On Tue, Jan 3, 2017 at 5:02 PM, Abimaran Kugathasan <[email protected]> > wrote: > >> Will there be a scenario where a user belongs to two or more groups and >> end up with different permissions? Will API Manager combine all these >> permissions? > > > > IMO, there won't be a problem. Let's get a scenario, > > The user is in two groups. Group A - has delete permission Group B has > update permission. > > When it comes to deleting operation, Since we know the group ids that user > belongs to we will do the validation whether that user group has delete > permission then we will allow him to delete the API > In the same way, we can handle update operation also. > > > -- > Roshan Wijesena. > Senior Software Engineer-WSO2 Inc. > Mobile: *+94719154640 <+94%2071%20915%204640>* > Email: [email protected] > *WSO2, Inc. :** wso2.com <http://wso2.com/>* > lean.enterprise.middleware. > -- Thanks Abimaran Kugathasan Senior Software Engineer - API Technologies Email : [email protected] Mobile : +94 773922820 <http://stackoverflow.com/users/515034> <http://lk.linkedin.com/in/abimaran> <http://www.lkabimaran.blogspot.com/> <https://github.com/abimarank> <https://twitter.com/abimaran>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
