I'd like to use Rhino Security for restricting access to operations
over entities in the system, but I'm not sure if it's suitable for
this complex scenario. My current mind state is that it should be
possible if I'm able to develop some background process (probably
service-bus based) which would be able to generate entity groups for
all new/modified entities. However this means that there will be quite
a huge amount of entity groups without any good intent background.
There won't be groups like "customers which don't pay bills" etc, but
just groups like "customers for user X", which would contain all the
allowed customers. There will be some other operations which would be
controlled in much more Rhino Security-standard way like "only
managers are able to invalidate a customer" though.
I'd appreciate any thoughts on this problem...
--
You received this message because you are subscribed to the Google Groups "Rhino Tools Dev" group.
To post to this group, send email to rhino-t...@googlegroups.com.
To unsubscribe from this group, send email to rhino-tools-d...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rhino-tools-dev?hl=en.
> > rhino-tools-d...@googlegroups.com<rhino-tools-dev%2Bunsubscribe@ googlegroups.com>
To unsubscribe from this group, send email to rhino-tools-d...@googlegroups.com.
I would actually reverse that and say that you have a user groups per
customer, instead of per user.
That way you can control settings at the customer level, not the user
level. This is often how this is done.