Jeff Brekke wrote:
<snip>
> <registry>
>   ...
>   <portlet ...>
>     ...
>     <security>
>       <access mode="view">
>         <allow>
>           <role>a role
>             <permission>a role permission</permission>
>             <permission>another permission</permission>
>           </role>
>           <user>a username</user>
>         </allow>
>         <deny>
>           <role>a role</role>
>           <user>a username</user>
>         </deny>
>       </access>
>     </security>
>     ...
>   </portlet>
>   ...
> </registry>

ok.. in my last e-mail I referenced 'operation'.... 'permission' is
much better :)
 
> Username is just matched against the user attempting access.  Since
> permissions are not specified in the deny/role part, they are not used.  Any
> user in the role specified would be denied.  But in allow, any user in the
> given role, that has one of the given permissions, will have access.  I think
> we need to have the <deny></deny> portion to allow for more fine-grained
> control of access.

+1
 
<snip>

-- 
** Should SUN Open Source Java? Please Vote: 
http://relativity.yi.org/java **

Kevin A Burton (e-mail: [EMAIL PROTECTED], UIN: 73488596, ZKey:
burtonator)
http://relativity.yi.org
Message to SUN Microsystems:  "Please Open Source Java!"
To fight and conquer in all your battles is not supreme excellence;
supreme excellence consists in breaking the enemy's resistance without fighting.
    - Sun Tzu, 300 B.C.
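
The allow/deny evaluation described in the quoted proposal, as an added example that is not part of the original thread or the project's own code. It assumes deny overrides allow, that no matching rule means no access, and a hypothetical `name` attribute on `<portlet>`; all role, permission and user names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the proposed format. The name attribute and all
# role, permission and user values are placeholders, not from the thread.
REGISTRY = """<registry><portlet name="quotes"><security>
  <access mode="view">
    <allow>
      <role>trader
        <permission>quotes.read</permission>
        <permission>quotes.admin</permission>
      </role>
      <user>alice</user>
    </allow>
    <deny>
      <role>suspended</role>
      <user>mallory</user>
    </deny>
  </access>
</security></portlet></registry>"""

def _text(el):
    return (el.text or "").strip()

def _matches(rule, user, roles, perms, use_perms):
    """True if the rule names the user or a role the user holds."""
    if rule is None:
        return False
    if user in {_text(u) for u in rule.findall("user")}:
        return True
    for role in rule.findall("role"):
        wanted = {_text(p) for p in role.findall("permission")}
        # deny ignores permissions; allow needs one of those listed.
        # Assumption: an allow role listing no permissions matches on role alone.
        if _text(role) in roles and (not use_perms or not wanted or wanted & perms):
            return True
    return False

def can_access(xml_text, portlet, mode, user, roles=(), perms=()):
    roles, perms = set(roles), set(perms)
    for p in ET.fromstring(xml_text).findall("portlet"):
        for access in p.findall("security/access"):
            if p.get("name") != portlet or access.get("mode") != mode:
                continue
            # Assumption: deny is evaluated first and overrides allow.
            if _matches(access.find("deny"), user, roles, perms, False):
                return False
            return _matches(access.find("allow"), user, roles, perms, True)
    return False  # Assumption: no matching access rule means no access.
```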

