How do you assure that only Joe can access his credit card information?
If you are using principals for that, then your EJB might as well
support a super-user role and allow anyone in that role to access
information for any principal.
If you are using something more than principals (let's say a
JDBCCredentials object) then the problem becomes way more complex.
arkin
Laird Nelson wrote:
>
> Assaf Arkin wrote:
> > Roles is not a problem. Put Fred CSR in the *CSR* role, make sure
> > anything Joe can do, Fred CSR can do as well. Problem solved.
>
> Works for roles; doesn't work for ownership. What if Joe is the only
> one who is allowed to access his credit card information, regardless of
> the roles played?
>
> Cheers,
> Laird
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
--
----------------------------------------------------------------------
Assaf Arkin www.exoffice.com
CTO, Exoffice Technologies, Inc. www.exolab.org
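
The two checks discussed in this thread (owner-only access by principal, and a super-user role allowed to read any principal's data), as an added Java example that is not part of the original messages. `CallerContext` is a hypothetical stand-in for the `getCallerPrincipal()` and `isCallerInRole()` calls of `javax.ejb.EJBContext`; the names, roles and card record are constructed.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;

public class OwnershipCheckDemo {
    // Hypothetical stand-in for the two javax.ejb.EJBContext calls used here.
    interface CallerContext {
        Principal getCallerPrincipal();
        boolean isCallerInRole(String role);
    }

    // Constructed sample data: one card record keyed by the owner's principal name.
    static final Map<String, String> CARDS = Map.of("joe", "card-on-file-for-joe");

    // Ownership rule: the caller principal must equal the record owner.
    // overrideRole is the optional "super-user" role from the thread; pass null
    // to enforce strict ownership regardless of the roles the caller plays.
    static String readCard(CallerContext ctx, String owner, String overrideRole) {
        String caller = ctx.getCallerPrincipal().getName();
        boolean isOwner = caller.equals(owner);
        boolean override = overrideRole != null && ctx.isCallerInRole(overrideRole);
        if (!isOwner && !override) {
            throw new SecurityException(caller + " may not read card data of " + owner);
        }
        return CARDS.get(owner);
    }

    // Builds a constructed caller with a fixed principal name and role set.
    static CallerContext caller(String name, Set<String> roles) {
        return new CallerContext() {
            public Principal getCallerPrincipal() { return () -> name; }
            public boolean isCallerInRole(String r) { return roles.contains(r); }
        };
    }

    public static void main(String[] args) {
        CallerContext joe = caller("joe", Set.of("Customer"));
        CallerContext fred = caller("fred", Set.of("CSR"));
        System.out.println(readCard(joe, "joe", null));   // owner: allowed
        System.out.println(readCard(fred, "joe", "CSR")); // override role: allowed
        try {
            readCard(fred, "joe", null);                   // strict ownership: refused
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```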