Hi Daniel, > Now my question is -- just to be sure: > When I change the relationship of a user to a domain object, I'd have > to change permissions as well, right?
It depends. Rather than start with permissions and domain classes, I think it will be easier to answer your question if you start with the security rules you want to implement. For example, "I have lots of books, each of which can only have one reviewer. The reviewer may change but only the current one can review a particular book." One thing you might want to consider: in this example model, each book effectively has an associated permission record. If you have lots of books, that means lots of permissions! Of course, if that's what the model requires, then that's what you have to do :) Cheers, Peter
