Here the example I'm thinking about... if the permission check on my method is "alert.status.view", I can create a role with that permission and add users into the role. Later on if I want all authenticated users to have that permission, I would have to add all 40k users (and new users as they come into the system) into the role. Even later on if I want anyone, even anonymous users to have access to the method, I would have to do a code change and remove the permission check from my method.
----- Original Message ----- From: "Shawn McKinney" <[email protected]> To: [email protected] Sent: Tuesday, December 8, 2015 11:41:41 AM Subject: Re: All or Anonymous User Roles > On Dec 8, 2015, at 9:26 AM, Chris Pike <[email protected]> wrote: > > Currently, our clients use the fortress API to lookup roles and permissions > for the already authenticated user. So being authenticated or anonymous is > determined by the client and is an input to the fortress API. > Agreed the client knows if it is authenticated or not but still confused on what you’re seeking. Are you asking to assign a particular role to a user based on the client’s understanding of the same user's bind status? Sort of like a ‘default’ role that all users have if they are either anonymous or bound connection to ldap? Shawn
