Hi all,
we've got to find a solution for a running EJB-project.
Here's a short description of the problem:
With Tengah it is possible to restrict access to the naming service, thus
hiding of EJBs (classes) is possible.
Moreover, in the deployment descriptor of each EJB each method access can
be restricted.
Unfortunately, in the mentioned project we have data dependant
restrictions. Some users can read and/or manipulate
more instances than others. Assuming an EntityBean "organization" which
defines a tree - each organization has suborganizations.
Each organization aggregates some Kostenstellen. We want to define a user
(or a user group) to be responsible for a subtree.
No other users should be able to manipulate Kostenstellen of organisations
in this subtree. Kostenstellen can be retrieved directly using a find
method.
With RDBMS, views can be used to solve this kind of problems. This solution
requires that a user is represented as a database user. This is not the
case
with EJB where the EJB container connects as a 'generic' database user.
Another point is that we want to use LDAP/X.500 to define users and user
groups.
Any ideas ?
Greetings,
Mike Wei�
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
