1. Your realm reads its users, roles and permissions from some backend system (e. g. database). So user A would have a role R which has the VIEW permission. Now, all you need do is change the permission of role R from VIEW to READ and WRITE inside the database. This change will only take effect once the cache is either flushed explicitly (https://shiro.apache.org/static/1.2.3/apidocs/) or implicitly because the user logs in anew.
2. You cannot use JSP tags in JSF. A short google search brought this up : https://github.com/deluan/shiro-faces I use the following pattern in my JSF / CDI application: code in facelet: disabled="#{!compendium.isPermitted('base:write:name')}" code in compendium backing bean: public boolean isPermitted(String permission) { return subject.isPermitted(permission); } -- View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-implement-Dynamic-roles-and-permissions-in-apache-shiro-tp7580743p7580756.html Sent from the Shiro User mailing list archive at Nabble.com.
