I am using role based access control for authorization in an enterprise software. I created three classes: User
, Role
and Privilege
. User has a many to many relationship with Role and Role has a many to many relationship with Privilege. One of the customer's requirements is to add special privileges to a specific user. For example User u
has a Role called r
and according to that, u
can only call foo
service. But I want to add privilege p
so he can call bar
service too, even though that his role does not allow him to call bar
. Only solution that comes to my mind is that User has a many to many relationship with Privilege as well. But I don't think that is a good idea.
samedi 29 juin 2019
Grant special priviliges to user in RBAC
Inscription à :
Publier les commentaires (Atom)
Aucun commentaire:
Enregistrer un commentaire