OFBiz OFBiz - User

Re: Users - Security API: What am I missing?

Posted by Vinay Agarwal on
URL: http://ofbiz.116.s1.nabble.com/Users-Security-API-What-am-I-missing-tp139327p139342.html

Adrian,
The problem of assigning permissions to the user is that they are "static,"
i.e., the user will keep those permissions for other calls. If one wanted
more "dynamic" permission capabilities, that authenticates user for a
specific functionality at a specific time, there doesn't seem to be a way
other than "system" userLogin.
Vinay

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Adrian Crum
Sent: Thursday, May 18, 2006 9:47 AM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - Security API: What am I missing?

No, it's best to determine what permissions the services are looking for and

assign those permissions to the user. You might need to assemble them into a

security group and assign that group to the user.

Vinay Agarwal wrote:

> That's the easy way of doing it which is essentially a custom security
> function. This poses another problem that once you have authenticated a
> userLogin to do something, other services may block that userLogin from
some
> required stuff. Is changing userLogin to "system" the best way to do it?
>
> Vinay
>

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Free forum by Nabble Edit this page