Access Control Scenario Five
Scenario Description
Artifact Y can be used by any user only for records determined by Constraint Z.
Current Implementation Example
New Design Implementation Example
This description includes permission expressions that are in the form of ArtifactIdentifier[PermissionsList]. The expressions are illustrative - they are not intended to be some kind of "permission string." How permissions are stored and managed depends upon the Authorization Manager implementation.
User group "OFBiz Users" is assigned the following permissions:
Using the static artifact hierarchy
OFBiz/component/entity/EntityName[filter=ConstraintZ]
Using the dynamic artifact hierarchy
OFBiz/component/WebApp/ControllerRequest/ControllerRequestEvent/Service/EntityName[filter=ConstraintZ]
OFBiz/component/WebApp/ControllerView/WidgetScreen/Service/EntityName[filter=ConstraintZ]
(PermissionsList duplicated for every execution path that leads to the entity)