Thanks for the prompt reply If necessary, I can also give permissions on the entity which should override any permissions given on the entity group.
so if User 1 is not allowed to view the entity based on the permissions set on the entity group. I can grant him access by giving permissions on the particular entity. On Apr 10, 2:56 pm, Ayende Rahien <[email protected]> wrote: > Joe,That is why you have Entity Group for, you move the entities between the > groups based on their status. > And you give permission to operation on an entity group > > On Fri, Apr 10, 2009 at 9:38 PM, [email protected] < > > [email protected]> wrote: > > > I am in the process of evaluating Rhino Security for an upcoming > > project where we need to restrict access based on the request status. > > > Without the status restriction, the implementation might look as > > follows. > > Create the following operations and grant/deny access accordingly. > > "Request/View" > > "Request/Edit" > > "Request/Delete" > > > With status restriction, I was thinking of implementing something > > along these lines. > > Operations > > "Request/[Status 1]/View" > > "Request/[Status 1]/Edit" > > "Request/[Status 1]/Delete" > > . > > . > > . > > "Request/[Status n]/View" > > "Request/[Status n]/Edit" > > "Request/[Status n]/Delete" > > > What do guys think? Do you foresee any problems with this. > > > Thanks > > Joe --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Rhino Tools Dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rhino-tools-dev?hl=en -~----------~----~----~----~------~----~------~--~---
