Wednesday, January 27, 2010

Cubi Access Control (ACL)

Cubi will extend the existing Openbiz access control approach by allowing administrators to manage role access to system resources. The following chapter outlines how ACL is managed in Cubi.

Basic idea: define how a role can access application resources.

1. Define resource and its actions
Each module can have a mod.xml file under the module root directory. mod.xml can contain an "ACL" section that holds multiple resources, and each resource can have more than one action. For example,
<ACL>
  <Resource Name="User">
    <Action Name="Administer_Users" Description="Administration of users"/>
  </Resource>
</ACL>

2. Link Access resource action to Object
In each Openbiz object, the developer can set the Access attribute to a resource action. For example,
<EasyView Name="UserListView"... Access="User.Administer_Users">
means that only roles allowed the Administer_Users action on the User resource can access system.view.UserListView.

3. Assign Role permission to resource action
In the role detail page, the user can pick "Allow" or "Deny" for each available resource action. Say we give the role "member" a "Deny" on User.Administer_Users. Then, when a user with the member role tries to access the RoleListView, an access-denied page will be shown to the user.

The Access attribute can be set on a View, Form, Element, or DataObj.
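
The three steps above, modelled as a small audit script. This is an added example, not Cubi or Openbiz code: the Module wrapper element, the object-to-Access map, the role table, the demo.view.AuditView name and the policy (a dangling Access reference or a missing grant denies, and any Deny overrides Allow) are assumptions, since the page does not say how Cubi resolves those cases.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the mod.xml fragment in step 1.
MOD_XML = """<Module Name="system">
  <ACL>
    <Resource Name="User">
      <Action Name="Administer_Users" Description="Administration of users"/>
    </Resource>
  </ACL>
</Module>"""

# Constructed: object name -> Access attribute (step 2). The second entry is a
# hypothetical view whose Access value misspells the action name.
OBJECT_ACCESS = {
    "system.view.UserListView": "User.Administer_Users",
    "demo.view.AuditView": "User.Administer_User",
}

# Constructed: role -> {resource action: "Allow" | "Deny"} (step 3).
ROLE_PERMS = {
    "admin": {"User.Administer_Users": "Allow"},
    "member": {"User.Administer_Users": "Deny"},
}

def defined_actions(mod_xml):
    """Return the set of 'Resource.Action' names declared in the ACL section."""
    root = ET.fromstring(mod_xml)
    return {f"{r.get('Name')}.{a.get('Name')}"
            for r in root.iter("Resource") for a in r.iter("Action")}

def dangling_access(object_access, actions):
    """Objects whose Access attribute names no declared resource action."""
    return sorted(o for o, acc in object_access.items() if acc not in actions)

def is_allowed(roles, obj, object_access, role_perms, actions):
    """Assumed policy: unknown action or no grant denies; any Deny wins."""
    access = object_access.get(obj)
    if access is None:
        return True   # assumption: no Access attribute means not ACL-protected
    if access not in actions:
        return False  # fail closed on a dangling reference
    votes = [role_perms.get(r, {}).get(access) for r in roles]
    return "Allow" in votes and "Deny" not in votes
```

Running dangling_access over every module's objects before deployment surfaces Access values that no role can ever be granted or denied in the role detail page.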
