On Fri, 18 Jan 2002 10:29, MCCAY,LARRY (HP-NewJersey,ex2) wrote:
> > I'd be much keener on 'group' than 'role' per se. A user belongs to one
> > or more groups. Groups can belong to groups. Some groups can be
> > mandatory and considered as roles.
> > I can't remember where I first encountered this design. Nearly a decade
> > on AS/400's I guess.
>
> Perhaps, the RoleManager should really be PermissionManager - in the end a
> role can be represented by a permission collection. A permission
> collection can be associated with any arbitrary principal, including
> identity and group principals. Within the spirit of J2EE we can still
> support an abstraction of role-based access control - implemented without
> any actual role per se.

So Role would be another principal? In effect you would do a mapping from "identity" principal to "Role" principal and then just use that? I like that.

--
Cheers,

Pete

-----------------------------------------------------------
"Remember, your body is a temple; however, it's also your
dancehall and bowling alley" -- Dharma Montgomery
-----------------------------------------------------------
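
The design discussed in this thread, as an added sketch that is not code from either poster or from the project: identities, groups and roles are all principals, each may carry a permission collection, and an access check maps the identity to every principal it acts as (including nested groups) before consulting those collections. All class, principal and permission names are hypothetical, and the record syntax assumes Java 16 or later.

```java
import java.security.*;
import java.util.*;

// Added sketch; every name here is hypothetical.
public class PermissionManagerDemo {
    // One principal type covers identities, groups and roles alike.
    record Named(String kind, String name) implements Principal {
        public String getName() { return kind + ":" + name; }
    }
    // Named permission; BasicPermission supplies "deploy.*" style wildcards.
    static final class Action extends BasicPermission {
        Action(String name) { super(name); }
    }

    private final Map<Principal, Permissions> grants = new HashMap<>();
    private final Map<Principal, Set<Principal>> memberOf = new HashMap<>();

    void grant(Principal p, Permission perm) {
        grants.computeIfAbsent(p, k -> new Permissions()).add(perm);
    }
    void addMember(Principal member, Principal groupOrRole) {
        memberOf.computeIfAbsent(member, k -> new HashSet<>()).add(groupOrRole);
    }
    // The identity plus every group or role reachable from it; "seen" makes
    // cyclic nesting (A in B, B in A) terminate.
    Set<Principal> resolve(Principal start) {
        Set<Principal> seen = new LinkedHashSet<>();
        Deque<Principal> todo = new ArrayDeque<>(List.of(start));
        while (!todo.isEmpty()) {
            Principal p = todo.pop();
            if (seen.add(p)) todo.addAll(memberOf.getOrDefault(p, Set.of()));
        }
        return seen;
    }
    // Default deny: allowed only if some resolved principal's collection implies it.
    boolean isAllowed(Principal who, Permission wanted) {
        return resolve(who).stream().map(grants::get)
                .anyMatch(pc -> pc != null && pc.implies(wanted));
    }
    public static void main(String[] args) {
        PermissionManagerDemo m = new PermissionManagerDemo();
        Named pete = new Named("identity", "pete"), devs = new Named("group", "devs");
        Named staff = new Named("group", "staff"), deployer = new Named("role", "deployer");
        m.addMember(pete, devs); m.addMember(devs, staff);
        m.addMember(devs, deployer); m.addMember(staff, devs); // deliberate cycle
        m.grant(staff, new Action("wiki.read"));
        m.grant(deployer, new Action("deploy.*"));
        for (String a : List.of("deploy.staging", "wiki.read", "db.drop"))
            System.out.println(a + " -> " + m.isAllowed(pete, new Action(a)));
    }
}
```

Because a role is only a principal with grants attached, revoking it is a single membership removal, and nothing is granted to the identity directly.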
