security-roles

来源： https://stackoverflow.com/questions/20979090/role-based-access-control-rbac-cares-about-permission-or-roles

问题 How do large companies implement their security requirements which are centralized and used to drive things people can do (allowed to call a certain web-service, submit an order, etc.) as well as to drive UI (disable buttons, menu options, individual form fields)? I am considering RBAC architecture: Users -> Roles, Roles -> Privileges. Complex applications with permissions based on many individual field-account-user-role-amountThreshhold would have many, many "Roles" and managing this gets

问题 This is the first dll I have made. It's purpose is to grab territory names from a database and return as an mdx set. The dll compiled perfectly fine, but when I go to deploy the dll as an assembly in bids to my cube, I get the following error: Clr Assembly must have main file specified error The dll is supposed to be like a ssas stored procedure so I can set permission in a role for ssas. Thanks! Ethan 回答1: I finally figured out a solution! I believe that because of the msmgdsv.dll being of

问题 I have a Glassfish server in production which uses JDBC Realm for authentication. It works well, but there is the need to change all the roles/groups. I developed a new version of the web application in a test environment changing glassfish-web.xml and web.xml to align them with the groups contained in the groups table on the db for test. Everything works flawlessly. So I moved the web application to the production environment and updated the content of the groups table on production db. The

问题 I'm currently looking into the spring-security framework - great stuff so far, pretty impressed. However, I haven't found out where or how to define a inheritance of permissions. e.g. I want the ROLE_ADMIN to have at least the same rights as the ROLE_USER. I defined three intercep-urls for spring: <intercept-url pattern="/auth/login.do" access="permitAll"/> <intercept-url pattern="/voting/*" access="hasRole('ROLE_USER')"/> <intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')"/>

问题 CRM 2015: I want to be able to create a role for local IT to be able to add user accounts and assign roles. Regarding the 'adding roles' portion, is it simple enough just to create a role for local IT to 'write' to 'security' roles in the'business management' tab of 'security roles' at the user level? 回答1: No, this is not that simple. User cannot give another user privilege higher than he has (it would be a serious security hole). So for example you have role to edit Security roles and you

问题 I understand how to restrict entire pages, or even components by implementing <cflogin> and roles. For example: <cfif IsUserInRole("Admin") OR IsUserInRole("Accounting")> ...You can view this page... <cfelse> ...You can not view this page... </cfif> But how is it recommended to restrict certain facets of a page? Say for example an "Admin" is allowed to send Global Messages to all users, but that option is not available for a regular "User" I suppose I could use the Session to manipulate my

问题 There are three default security roles in CloudKit: World Authenticated Creator And three permissions: Create Read Write How do these security roles and permissions work? Here are examples of some of the questions I would hope get answered by an explanation of security roles: What do the three roles mean? The first two seem obvious, but the last one seems less so. E.g. does Creator refer to the creator of the table, or the creator of a record? Where would the deletion permission fall under?

问题 I have an ASP.Net website with multiple roles, each with access to a separate directory (i.e. admin users can access /admin, shoppers can access /shop etc), using a shared login page. If someone visits the login page with the return URL set to a directory they do not have access to (e.g. a shopper visits /login.aspx?returnurl=/admin/index.aspx), the user can authentice successfully (the login credentials are valid), but they end up back at the login page (they don't have access to the page

问题 What is the difference between ROLE_USER and ROLE_ANONYMOUS in a Spring intercept url configuration such as the example below? <http auto-config="false" access-decision-manager-ref="accessDecisionManager" use-expressions="true"> <intercept-url pattern="/admin/**" access="hasRole('ROLE_ANONYMOUS')" requires-channel="http" /> <intercept-url pattern="/login/**" access="hasRole('ROLE_ANONYMOUS')" requires-channel="${application.secureChannel}" /> <intercept-url pattern="/error/**" access="hasRole