Mike, > > > The reason is that we use the hint "createdb-seq" in the menu, so > > Navigate ends up checking auth. for Sequence and not CreateDB. I think, > > for now, the simple work around of preventing the display by group works > > just fine. In the future, we might create a special auth-manager for > > Sequence that actually checks the auth for the model pointed to by the > > current step. > > Good point. In fact, is this a "hole", e.g. can a user not authorized to a model actually execute the model via a sequence? >
Fortunately, the answer is no. When Sequence acquires the model from the container, the actual security check is done by the container life-cycle extension against the model. We're covered there! This is only a problem for the display in the menu, Navigate is checking the Sequence permissions, rather than the Model's permissions. Shash http://keelframework.org/documentation Keelgroup mailing list [EMAIL PROTECTED] http://lists.keelframework.com/listinfo.cgi/keelgroup-keelframework.com
