
Role within a group

Hi all,

I'm in need of some help. My database contains inventory belonging to multiple groups. A user can be a member of multiple groups. And the user has a single role within each group. When the user accesses data, they can only retrieve it if they are part of that group. The actions they can perform on the data are based on their role. Does anyone know how to implement this? Or maybe point me in the right direction? Thanks.

It might be worth having a look at the domain object security functionality, this sounds similar to what you're trying to do. Other than that it would be useful to have some more information about exactly what you are trying to do.

docbook...ml#domain-acls

Also another thought, as GrantedAuthority is just an interface, you could create your own implementation with not only a role name but also some groups.

Here is what I have so far. My database contains vehicles from multiple car dealerships and users who are associated with a dealership. Each user currently has a role that allows them to access only cars within their dealership. This works fine if a user is only part of one dealership.

Unfortunately, I will need to revise my application to allow a single user to be part of multiple dealerships. It would mean that a user may have a role of "manager" at one dealership, but be a normal "user" at another. As a manager, they would be allowed to view and edit the list of users and cars within the dealership. As a normal user, they would just have access to view cars and only edit their own personal information.

I hope this makes sense. I'm hoping to avoid ACLs because it may make the security too complex. Maybe the best way to do this is just force the user to create another account for each dealership they are part of. Thanks for the help.

Couldn't you just incorporate the dealership in the role? e.g. ROLE_MANAGER_LONDON, ROLE_MANAGER_SHEFFIELD, etc.
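A sketch combining the two suggestions in this thread (a custom GrantedAuthority that carries a group, and a dealership encoded in the role name), added here as an example and not code from any poster. The GrantedAuthority interface below is a local stand-in for the framework's one-method interface so the file compiles alone; DealershipAuthority, roleAt, canViewCars and canEditCars are hypothetical names, and the user and dealerships in main are constructed.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Optional;

public class DealershipAccessDemo {
    // Deny by default: a role exists only for a dealership the user actually belongs to.
    static Optional<String> roleAt(Collection<? extends GrantedAuthority> auths, String dealership) {
        for (GrantedAuthority a : auths) {
            if (a instanceof DealershipAuthority
                    && ((DealershipAuthority) a).getDealership().equals(dealership)) {
                return Optional.of(((DealershipAuthority) a).getRole());
            }
        }
        return Optional.empty();
    }

    // Any member of the dealership may view its cars.
    static boolean canViewCars(Collection<? extends GrantedAuthority> auths, String dealership) {
        return roleAt(auths, dealership).isPresent();
    }

    // Only a manager of that same dealership may edit its cars.
    static boolean canEditCars(Collection<? extends GrantedAuthority> auths, String dealership) {
        return roleAt(auths, dealership).filter("MANAGER"::equals).isPresent();
    }

    public static void main(String[] args) {
        // Constructed sample user: manager in London, normal user in Sheffield, no role in Leeds.
        List<GrantedAuthority> user = Arrays.asList(
                new DealershipAuthority("MANAGER", "LONDON"),
                new DealershipAuthority("USER", "SHEFFIELD"));
        for (String d : new String[] {"LONDON", "SHEFFIELD", "LEEDS"}) {
            System.out.println(d + " view=" + canViewCars(user, d) + " edit=" + canEditCars(user, d));
        }
    }
}

// Local stand-in (assumption) for the framework's one-method GrantedAuthority interface.
interface GrantedAuthority { String getAuthority(); }

// Hypothetical authority that keeps role and dealership as separate fields, so checks
// never have to parse them back out of an underscore-joined string.
final class DealershipAuthority implements GrantedAuthority {
    private final String role, dealership;
    DealershipAuthority(String role, String dealership) { this.role = role; this.dealership = dealership; }
    String getRole() { return role; }
    String getDealership() { return dealership; }
    // Flattened name in the ROLE_MANAGER_LONDON style, for code that only reads strings.
    public String getAuthority() { return "ROLE_" + role + "_" + dealership; }
}
```

The edit check is tied to the dealership of the car being changed, so a manager role at one dealership grants nothing at another.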