Re: Fine grained/Object-level security example

2012-06-19 Thread Daniel Holth
On Tuesday, June 19, 2012 11:52:05 AM UTC-4, Robottaway wrote:
>
> Wanted to chime in and say this, in case it isn't obvious. You need
> ALL the permissions to be country specific not just the view, otherwise you
> leave a security hole open where one can view only those in his country but
>

Re: Fine grained/Object-level security example

2012-06-19 Thread Robottaway
Wanted to chime in and say this, in case it isn't obvious. You need ALL the permissions to be country specific not just the view, otherwise you leave a security hole open where one can view only those in his country but can update anything. As Daniel pointed out you could use the format like

Re: Fine grained/Object-level security example

2012-06-18 Thread Daniel Holth
One way to do this might be to give the agent a principal like Country:US (the two letter country code of the agent's address). The customer object would have a matching ACL with their country code: [ (Allow, 'Country:US', 'agent permissions') ] If you are using traversal and it suits your appl

Fine grained/Object-level security example

2012-06-16 Thread Mark Huang
Hi, I am developing an ERP application and the authorization requirements are crazy complicated. I'm pretty sure I need object-level security as stated in the Auth tutorial of Pyramid by Michael Merickel. The problem