Permission Policies

 

The Permission Policy determines Security System behavior when there are no explicitly specified permissions for a specific type, object or member. The default permission policy can be selected when creating a new XAF application using the Solution Wizard.

 

Expanded Deny

 

This policy type is required for providing compatibility to an older versions of XAF. The Deny policy implies that access is always denied when there are no explicitly specified permissions. In new applications, using the Allow/Deny policy instead of Deny is recommended. The Allow/Deny policy allows you to create more complex and flexible security configurations.

Note

 

Navigation Permissions are not supported for individual navigation items when the Deny Permission Policy is selected. The Navigation Permissions tab is not available in this mode. However, you can specify nevigation permissions for each type in the Type Permissions tab.

 

 

Expanded Allow/Deny

 

 

With the Allow/Deny permission policy, your application administrators can allow access to all data within the application for a specific role and simultaneously deny access to a few data types or members. Alternatively, it is possible to deny access to all data for a role and only allow access to a strict list of objects or members. Both approaches make it easy to allow/deny data access across a broad range of use-case scenarios. To use this feature, choose Allow/Deny Permission Policy on the Choose Security page of the Solution Wizard.

Note

 

If your application is created in earlier XAF versions, you need to upgrade an existing project to the Allow/Deny permissions policy. If you use Entity Framework as the ORM system, you may also need to perform a migration to switch from Deny to the Allow/Deny policy.

The following types of security users and roles are used with the Allow/Deny permission policy.

 Built-in XPO classesBuilt-in Entity Framework classesCommon interfaces to support in custom classes
User TypePermissionPolicyUserPermissionPolicyUserIPermissionPolicyUser
Role TypePermissionPolicyRolePermissionPolicyRoleIPermissionPolicyRole

The Entity Framework and XPO versions of these classes are declared in the Business Class Library. The primary difference with classes used for the Deny policy (SecuritySystemUser/User and SecuritySystemRole/Role) is that the role object exposes the IPermissionPolicyRole.PermissionPolicy property (declared in the IPermissionPolicyRole interface).

With this property, you can assign "deny all", "read only all" or "allow all" default permission policies for each role. For each operation, you can explicitly specify the Allow or Deny modifier or leave it blank.

If the modifier is not specified, the permission is determined by the role's policy type. Note that the role's policy has the lowest priority and is in play only when permissions are not explicitly specified.

转载于:https://www.cnblogs.com/foreachlife/p/7068311.html

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
HiveAccessControlException Permission denied是Hive中的一个错误,表示用户在Hive上执行操作时被拒绝了权限。具体报错信息为"Permission denied:user [test1] does not have [RWSTORAGE] privilege on [jdbc:oracle:thin:@//192.168.1.51:1521/orcl/test.table_for_hive] "。 这个错误通常是因为用户没有足够的权限来执行所需的操作。在这种情况下,解决方法是在Ranger中给test1用户授予相关权限。可以通过在Hadoop SQL Policies中添加一个策略或者在已有策略中配置Storage-type:*和Storage-url:*来解决这个问题。 此外,还有一种可能的原因是HDFS上缺少相应的用户目录。如果HDFS上没有/root用户对应的文件夹/user/root,那么Hive会默认以root身份将作业写入HDFS文件系统中。但由于root用户没有对HDFS目录的写入权限,就会导致该错误的发生。可以通过在HDFS中创建/root用户的目录并授权给root用户来解决这个问题。具体步骤可以使用以下命令: - 第一种方法: $ su - hdfs $ hdfs dfs -mkdir /user/root $ hdfs dfs -chown root:hdfs /user/root $ exit - 第二种方法:在HDFS的配置文件中将dfs.permissions修改为False(不推荐使用) - 第三种方法:在/etc/profile文件中添加export HADOOP_USER_NAME=hdfs,并执行source /etc/profile命令使其立即生效。也可以使用sed命令执行sed -i '$a export HADOOP_USER_NAME=hdfs',然后执行source /etc/profile。注意,这里的root可以是其他用户(路径),根据实际情况进行调整。<span class="em">1</span><span class="em">2</span><span class="em">3</span> #### 引用[.reference_title] - *1* *3* [16.HiveAccessControlException Permission denied](https://blog.csdn.net/weixin_43346403/article/details/129185685)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_1"}}] [.reference_item style="max-width: 50%"] - *2* [hive报错 没有root用户权限 org.apache.hadoop.security.AccessControlException: Permission denied: user...](https://blog.csdn.net/SDKLHKJAS/article/details/106339890)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_1"}}] [.reference_item style="max-width: 50%"] [ .reference_list ]
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值