Thanks Rickard.

Rickard Öberg wrote:

> EJB, or J2EE, does not deal with management of security ACLs. However, the names
> that you supply in deployment descriptors should be roles, not
> actual usernames. This allows some indirection to be performed at runtime.
>
> Again, whenever you set security restrictions on EJBs you should use role-names,
> not user-names.

According to the requirements, we should allow the User to create roles dynamically
(something like a CREATE ROLE in Oracle). So, what we were planning was to define and
document a set of Permissions and their meaning. The user could then give a role name
and check all the permissions applicable for that role.

How is this possible using EJBs?

Regards.
--
shiv
[EMAIL PROTECTED]


