Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "HR Directory Access Control Policy"
(→Notes) |
|||
Line 5: | Line 5: | ||
== Notes == | == Notes == | ||
− | The above is a second | + | The above is a second attempt at modeling this use-case. All outstanding issues have been addressed. |
− | * A new diagramming style is used--it is more compact at representing the literal attributes of an Entity within a single rectangular box. | + | * A new diagramming style is used--it is more compact at representing the literal attributes of an Entity within a single rectangular box. The entire use case now fits on one diagram (just barely!) |
− | + | * The new ''groupSubject'' higgins:subject sub-attribute is now being used. This "tells" the Context that the subject for this policy is any subject that is a member of the stated Group (or any sub-group). | |
− | * The new ''groupSubject'' higgins:subject sub-attribute is now being used | + | * A new ''selfInstanceSubject'' higgins:subject sub-attribute is now being used. This is what allows us to have the subject of the policy be the Entity that represents the IdAS consumer. This fixes the bug found on July 10th dev call where modify access was being given to all employees. It should have been only managers and "me"--for the one Entity that "is" me. |
− | * A new ''selfInstanceSubject'' higgins:subject sub-attribute is now being used. This is what allows us to have the subject of the policy be the Entity that represents the IdAS consumer | + | * The ''operation'' attribute of the Access Control policy is exclusively concerned with defining the "Entity" resource scope. It may or may not be further restricted to specific attribute types by the use of the ''onAttribute'' (see next bullet). |
− | + | * A new attribute ''onAttribute'' is now being used. This attribute, if present, restricts the policy to apply only to attribute type(s) explicitly listed as its values. | |
+ | * See [[HOWL Update 1.1.104]] for related changes to support this use case | ||
==See Also== | ==See Also== | ||
* [http://wiki.eclipse.org/Access_Control_Use_Cases#HR_directory (this) HR Directory use case] | * [http://wiki.eclipse.org/Access_Control_Use_Cases#HR_directory (this) HR Directory use case] | ||
* all [[Access Control Use Cases]] | * all [[Access Control Use Cases]] |
Revision as of 20:46, 13 July 2008
{{#eclipseproject:technology.higgins}}
File:Access-control-use-cases-hr-v3.png
Notes
The above is a second attempt at modeling this use-case. All outstanding issues have been addressed.
- A new diagramming style is used--it is more compact at representing the literal attributes of an Entity within a single rectangular box. The entire use case now fits on one diagram (just barely!)
- The new groupSubject higgins:subject sub-attribute is now being used. This "tells" the Context that the subject for this policy is any subject that is a member of the stated Group (or any sub-group).
- A new selfInstanceSubject higgins:subject sub-attribute is now being used. This is what allows us to have the subject of the policy be the Entity that represents the IdAS consumer. This fixes the bug found on July 10th dev call where modify access was being given to all employees. It should have been only managers and "me"--for the one Entity that "is" me.
- The operation attribute of the Access Control policy is exclusively concerned with defining the "Entity" resource scope. It may or may not be further restricted to specific attribute types by the use of the onAttribute (see next bullet).
- A new attribute onAttribute is now being used. This attribute, if present, restricts the policy to apply only to attribute type(s) explicitly listed as its values.
- See HOWL Update 1.1.104 for related changes to support this use case