Adrian,
While this is fine when a artifact handles a specific "process" but
what about when a screen (for example) like EditExample would be used
for different processes? Often the same screen/form is used for create
vs update; and even more often a user will have access to create but
not update [everything].
Also, an artifact (such as a screen) could contain multiple processes.
A list screen for example may also include a delete button. However,
with no explicit permission checks, the delete button will display for
all users who have access to this artifact. So, you would still need
to have explicit permission checks to see if the user has access to
the delete button in this artifact.
Andrew
Permissions are hierarchical - each artifact inherits permissions
from the artifact above it. This is very similar to what Andrew is
trying to achieve, but it's different because the artifacts
themselves control the security - there is no call to a permission
service with a permission string.
Here's what it might look like in ExampleScreens.xml:
<screens xmlns:xsi="...">
<security domain="framework:example:screen"/>
<screen name="EditExample">
<security domain="EditExample"/>
...
</screen>
</screens>
Notice there are no explicit permission checks. Instead, each
artifact has identified itself in the security domain.
