The question and answer here <http://shiro-user.582556.n2.nabble.com/How-to-add-a-role-to-the-subject-td5562700.html#a5564409> tell us how to invalidate the AuthorizationInfo (by clearing cache) for a user that caused the event that requires updated roles and permissions.
How do we handle modifying other users' permissions that are affected by this? For example, an Agent is managed by an Admin. The Admin can do whatever the Agent can do. However, there are sets of Admins and Agents. Say Agent1 creates ResourceA. Admin1 manges Agent1. So Admin1 and Agent1 can modify ResourceA. But Admin1 and Agent1 cannot modify ResourceB that was created by another Agent2 managed by another Admin2. If Agent1 deletes ResourceA, we can invalidate their AuthorizationInfo, but how do we propagate that event to Admin (or other Subjects') sessions? -- View this message in context: http://shiro-user.582556.n2.nabble.com/Updating-roles-and-permissions-for-related-Subjects-tp7578957.html Sent from the Shiro User mailing list archive at Nabble.com.
