Hi Joe,

On Wed, Jan 4, 2017 at 10:25 AM, Joseph Fonseka <[email protected]> wrote:

> Also, how do you manage role and group permission conflicts? Let's say in a
> group there is a user who does not have the creator role; will he be allowed
> to update the API?


IMO, roles and groups are two different things and we need to validate both
when performing an operation. If someone has the "create" role permission, he
can create a new API, and if he is in the "update" group he should be able to
edit that API. I think the "publisher" role is not required anymore because it
can be achieved by the "update" group permission.

Regards
Roshan.

-- 
Roshan Wijesena.
Senior Software Engineer-WSO2 Inc.
Mobile: +94719154640
Email: [email protected]
WSO2, Inc.: wso2.com <http://wso2.com/>
lean.enterprise.middleware.
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
