On Tuesday, June 19, 2012 11:52:05 AM UTC-4, Robottaway wrote:
>
> Wanted to chime in and say this, in case it isn't obvious. You need ALL
> the permissions to be country specific, not just the view, otherwise you
> leave a security hole open where one can view only those in his country but
> can update anything.
>
> As Daniel pointed out you could use the format like [(Allow, 'Agent:US',
> 'read'), (Allow, 'Agent:US', 'modify')] so that you can limit the Agent
> users to a given country.
>
> The special DENY_ALL as the last entry in the ACL would be appropriate.
--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To view this discussion on the web visit https://groups.google.com/d/msg/pylons-discuss/-/kn4tIgVBrlAJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
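The gap described in the quoted message, as an added example that is not part of the thread: a simplified stand-in for first-match ACL evaluation (not Pyramid's own code) that audits which out-of-country agents an ACL lets through. The helper `principals_for`, the record and user dictionaries, and the `audit` function are assumptions made for illustration; the sample data is constructed.

```python
# Simplified model of first-match ACL evaluation (a stand-in, not Pyramid's code).
ALLOW, DENY = "Allow", "Deny"
EVERYONE = "system.Everyone"
ALL_PERMISSIONS = object()          # sentinel: matches any permission
DENY_ALL = (DENY, EVERYONE, ALL_PERMISSIONS)


def permits(acl, principals, permission):
    """Return the decision of the first ACE matching a principal and the permission."""
    for action, principal, perms in acl:
        if principal not in principals:
            continue
        if perms is ALL_PERMISSIONS or permission == perms or (
                isinstance(perms, (tuple, list, set)) and permission in perms):
            return action == ALLOW
    return False  # nothing matched: default deny


def principals_for(user):
    """Hypothetical group finder: every agent also gets an 'Agent:<country>' principal."""
    return {EVERYONE, user["id"], "Agent", "Agent:" + user["country"]}


def flawed_acl(record):
    # Only 'read' is scoped by country; 'modify' goes to every agent.
    return [(ALLOW, "Agent:" + record["country"], "read"),
            (ALLOW, "Agent", "modify"),
            DENY_ALL]


def scoped_acl(record):
    # Every permission is scoped by country, then DENY_ALL closes the list.
    return [(ALLOW, "Agent:" + record["country"], "read"),
            (ALLOW, "Agent:" + record["country"], "modify"),
            DENY_ALL]


def audit(acl_factory, record, users, permissions=("read", "modify")):
    """List (user id, permission) pairs granted to users outside the record's country."""
    return [(u["id"], p) for u in users for p in permissions
            if u["country"] != record["country"]
            and permits(acl_factory(record), principals_for(u), p)]


# Constructed sample data.
US_RECORD = {"id": 1, "country": "US"}
USERS = [{"id": "alice", "country": "US"}, {"id": "bruno", "country": "FR"}]
```

Running `audit` over every permission name the application defines, as part of the test suite, catches a permission that was left unscoped when a new one is added.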
