On Thu, Oct 4, 2018 at 4:50 PM Jason E Bailey <j...@apache.org> wrote: > ...a user can create a resource with a rt/danger resourceType but they can't > execute it unless they have permission to > execute the rt/danger resource. > > We do this for our script under /apps/ where we prevent access to certain > groups so that even if they create the resource > that references it, it won't work for them....
That works for scripts, but how about servlets? I think that's where this proposal makes sense. -Bertrand
