I guess I don't know what you mean by a resource group? Can you give an example ?
If I had a group of similar resources, I would assign them similar named permissions, (similar to the printer example in the link below) You could do the same for user management: users:*:* - admin user can modify any user resource users:bdemers:* - I can modify only my resource users:*:read - I can read any users On Mon, Mar 2, 2015 at 9:48 AM, Raghuram Devarakonda <[email protected]> wrote: > > On Sun, Mar 1, 2015 at 2:31 PM, Brian Demers <[email protected]> > wrote: > >> If you haven't already take a look at wild card permissions: >> http://shiro.apache.org/permissions.html >> > > Yes, I did read about wild card permissions and they do support what I had > in mind. > > >> >> For #3 and #4 >> In my mind roles and groups are used almost interchangeably. But if i >> had to split them up, I would say that a role is a collection of >> permissions, and a group is a collection of users. In this case a Role >> could be assigned to an individual user or a Group. A simple example might >> be an 'Administrator-role' would likely contain all permissions. An >> 'Administrator-group' would contain all your admin users. You would assign >> the 'Administrator-role' to the 'Administrator-group' (this would be done >> in a realm. >> > > Thanks. This clarifies the concepts a bit. But can you tell me if there is > a concept of grouping resource instances together, say into a resource > group? Of course, if the application is responsible for modelling the > entities, I guess it can implement the resource group concept itself but I > just wanted to know if Shiro provides or recognizes any such support. > > >> >> As for your question about realms. Yes, in respects to only supporting >> 'read' operations, this is mainly because most applications have there own >> requirements, for example lots of applications store users in some other >> type of store (i.e. LDAP / AD) >> >> Does that answer your questions? >> > > Mostly yes. Thanks a lot. > > Raghu > > >
