shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel J. Lauk" <>
Subject Re: Instance level security w/ Permissions
Date Mon, 26 Jan 2009 16:58:12 GMT
Les, Peter,

thanks for the details.

>> Instance-level permissions are very powerful indeed, however, you don't
>> want to create hundreds or thousands of them.  Typically my applications use
>> a mix of logic that requires knowledge of how the application works as well
>> as permission checks:

So reducing the count of entries in the DB will speed things up? ;-)

>> Based on your example, I would only check if someone is allowed to review
>> an entry if they are NOT the reviewer already assigned to the entry.

Well, actually, nobody but the assigned reviewer is allowed.
As I will have the field around for DB queries anyway, I guess that
permissions don't add value from the app logic point of view.
Nevertheless they add value from the point of view that permissions go
along with functionality as opposed to roles.

Please correct me, if I'm wrong.


View raw message