I was disappointed to see that instance level authorization is not covered
in EJB 1.1.
It would be nice if specific principles in the operational environment could
be given permissions on specific entity primary keys. An administrator
would do this.
How, for example, does an EJB system allow "Jill Jones" to access account
records 1, 33, 77, 199 but not any other accounts? What if the list of
accounts accessible by Jill and other users changes daily?
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
