Permission Policies

 

The Permission Policy determines Security System behavior when there are no explicitly specified permissions for a specific type, object or member. The default permission policy can be selected when creating a new XAF application using the Solution Wizard.

 

Expanded Deny

 

This policy type is required for providing compatibility to an older versions of XAF. The Deny policy implies that access is always denied when there are no explicitly specified permissions. In new applications, using the Allow/Deny policy instead of Deny is recommended. The Allow/Deny policy allows you to create more complex and flexible security configurations.

Note

 

Navigation Permissions are not supported for individual navigation items when the Deny Permission Policy is selected. The Navigation Permissions tab is not available in this mode. However, you can specify nevigation permissions for each type in the Type Permissions tab.

 

 

Expanded Allow/Deny

 

 

With the Allow/Deny permission policy, your application administrators can allow access to all data within the application for a specific role and simultaneously deny access to a few data types or members. Alternatively, it is possible to deny access to all data for a role and only allow access to a strict list of objects or members. Both approaches make it easy to allow/deny data access across a broad range of use-case scenarios. To use this feature, choose Allow/Deny Permission Policy on the Choose Security page of the Solution Wizard.

Note

 

If your application is created in earlier XAF versions, you need to upgrade an existing project to the Allow/Deny permissions policy. If you use Entity Framework as the ORM system, you may also need to perform a migration to switch from Deny to the Allow/Deny policy.

The following types of security users and roles are used with the Allow/Deny permission policy.

 Built-in XPO classesBuilt-in Entity Framework classesCommon interfaces to support in custom classes
User TypePermissionPolicyUserPermissionPolicyUserIPermissionPolicyUser
Role TypePermissionPolicyRolePermissionPolicyRoleIPermissionPolicyRole

The Entity Framework and XPO versions of these classes are declared in the Business Class Library. The primary difference with classes used for the Deny policy (SecuritySystemUser/User and SecuritySystemRole/Role) is that the role object exposes the IPermissionPolicyRole.PermissionPolicy property (declared in the IPermissionPolicyRole interface).

With this property, you can assign "deny all", "read only all" or "allow all" default permission policies for each role. For each operation, you can explicitly specify the Allow or Deny modifier or leave it blank.

If the modifier is not specified, the permission is determined by the role's policy type. Note that the role's policy has the lowest priority and is in play only when permissions are not explicitly specified.

转载于:https://www.cnblogs.com/foreachlife/p/7068311.html

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值