Hi all,

Our existing implementation had only a few permissions for managing BPMN-related tasks, which are not sufficient for our REST-based implementation. With the introduction of new REST APIs, we need to provide more fine-grained resource authorizations. So I have prepared the following permission scheme for our C5-based implementation.

Resource Type         Allowed Actions
Deployment            READ, CREATE, DELETE
Process Definition    READ, UPDATE, READ_HISTORY, DELETE_HISTORY
Process Instance      CREATE, READ, UPDATE, DELETE
Task                  CREATE, READ, UPDATE, DELETE, TASK_ASSIGN, TASK_WORK

Most of the above terms are self-explanatory. The TASK_WORK permission is required to claim and complete tasks. The TASK_ASSIGN permission is required to change the assignees and candidate users related to tasks. However, the UPDATE permission is sufficient for both of these operations.

From an implementation point of view, I believe we can load resources and actions through a policy file (the policy-related component is still under development by the IS team) and we can use the CAAS APIs to authorize users against each REST API method.

--
Vinod Kavinda
Software Engineer
*WSO2 Inc. - lean . enterprise . middleware <http://www.wso2.com>.*
Mobile : +94 (0) 712 415544
Blog : http://soatechflicks.blogspot.com/
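The scheme proposed in the mail above, sketched as a deny-by-default check. This is an added example, not part of the original message and not WSO2 or CAAS code. The operation names, the grants structure and the sample roles are assumptions made for illustration.

```python
# Added example: deny-by-default check over the permission scheme in the mail.
# The grants structure and operation names are assumptions, not CAAS APIs.

# Resource types and the actions the scheme allows on each.
ALLOWED_ACTIONS = {
    "Deployment": {"READ", "CREATE", "DELETE"},
    "Process Definition": {"READ", "UPDATE", "READ_HISTORY", "DELETE_HISTORY"},
    "Process Instance": {"CREATE", "READ", "UPDATE", "DELETE"},
    "Task": {"CREATE", "READ", "UPDATE", "DELETE", "TASK_ASSIGN", "TASK_WORK"},
}

# On Task, UPDATE is sufficient for both fine-grained task actions.
IMPLIED_BY = {("Task", "TASK_WORK"): {"UPDATE"}, ("Task", "TASK_ASSIGN"): {"UPDATE"}}

# Hypothetical operation names -> required (resource type, action).
REQUIRED = {
    "claim_task": ("Task", "TASK_WORK"),
    "complete_task": ("Task", "TASK_WORK"),
    "set_task_assignee": ("Task", "TASK_ASSIGN"),
    "add_candidate_user": ("Task", "TASK_ASSIGN"),
}


def validate_grants(grants):
    """Reject a policy that grants an action the scheme does not define."""
    for resource, actions in grants.items():
        unknown = set(actions) - ALLOWED_ACTIONS.get(resource, set())
        if unknown:
            raise ValueError(f"{resource}: action(s) not in scheme: {sorted(unknown)}")


def is_authorized(grants, operation):
    """Return True only if the grants cover the operation's required action."""
    if operation not in REQUIRED:
        return False  # unmapped operation: deny by default
    resource, action = REQUIRED[operation]
    held = set(grants.get(resource, ()))
    return action in held or bool(held & IMPLIED_BY.get((resource, action), set()))


# Constructed sample grants for three roles.
WORKER = {"Task": {"READ", "TASK_WORK"}}
MANAGER = {"Task": {"READ", "TASK_ASSIGN"}}
ADMIN = {"Task": {"READ", "UPDATE"}}
```

Because UPDATE covers both TASK_WORK and TASK_ASSIGN, a role that should only claim and complete tasks needs TASK_WORK alone; UPDATE on another resource type, such as Process Instance, grants nothing on Task.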
