Announcement Announcement Module
Collapse
No announcement yet.
Can you define an acl-entry which grants a permission to a ROLE as well as a User? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can you define an acl-entry which grants a permission to a ROLE as well as a User?

    I understand how to use the acl framework to grant a certain permission to a 'user' for a certain object, but I want to grant permissions to a 'role' as well. (The principal receiving the permission is a ROLE, not a user.)

    In other words, I have defined SIDs representing GroupAuthorities / ROLE_*s, and have defined acl_entry rows with owner-sid-ids pointing to sids representing GroupAuthorities, instead of individual users.

    It's not working. Is it not possible to grant a certain permission to a ROLE for a certain object?
    =======
    SOLUTION
    =======
    Yes, you can.

    I found what my error was here: <http://burtbeckwith.github.com/grails-spring-security-acl/docs/manual/guide/2.%20Usage.html>

    AclSid

    The AclSid domain class contains entries for the names of grant recipients (a principal or authority - SID is an acronym for "security identity"). These are typically usernames (where principal is true) but can also be a GrantedAuthority (role name, where principal is false).


    I had defined acl_sid records with group names, instead of role names (granted authorites).

    It works now.
    Last edited by exitstan; Apr 15th, 2011, 04:12 PM. Reason: problem solved
Working...
X