The Permission Policy determines Security System behavior when there are no explicitly specified permissions for a specific type, object or member. The default permission policy can be selected when creating a new XAF application using the Solution Wizard.

 

 Deny

 

This policy type is required for providing compatibility to an older versions of XAF. The Deny policy implies that access is always denied when there are no explicitly specified permissions. In new applications, using the Allow/Deny policy instead of Deny is recommended. The Allow/Deny policy allows you to create more complex and flexible security configurations.

Note

Navigation Permissions are not supported for individual navigation items when the Deny Permission Policy is selected. The Navigation Permissions tab is not available in this mode. However, you can specify nevigation permissions for each type in the Type Permissions tab.

 

 Allow/Deny

 

With the Allow/Deny permission policy, your application administrators can allow access to all data within the application for a specific role and simultaneously deny access to a few data types or members. Alternatively, it is possible to deny access to all data for a role and only allow access to a strict list of objects or members. Both approaches make it easy to allow/deny data access across a broad range of use-case scenarios. To use this feature, choose Allow/Deny Permission Policy on the Choose Security page of the Solution Wizard.

Note

If your application is created in earlier XAF versions, you need to upgrade an existing project to the Allow/Deny permissions policy. If you use Entity Framework as the ORM system, you may also need to perform a migration to switch from Deny to the Allow/Deny policy.

The following types of security users and roles are used with the Allow/Deny permission policy.

  Built-in XPO classes Built-in Entity Framework classes Common interfaces to support in custom classes
User Type PermissionPolicyUser PermissionPolicyUser IPermissionPolicyUser
Role Type PermissionPolicyRole PermissionPolicyRole IPermissionPolicyRole

The Entity Framework and XPO versions of these classes are declared in the Business Class Library. The primary difference with classes used for the Deny policy (SecuritySystemUser/User and SecuritySystemRole/Role) is that the role object exposes the IPermissionPolicyRole.PermissionPolicy property (declared in the IPermissionPolicyRole interface).

With this property, you can assign "deny all", "read only all" or "allow all" default permission policies for each role. For each operation, you can explicitly specify the Allow or Deny modifier or leave it blank.

If the modifier is not specified, the permission is determined by the role's policy type. Note that the role's policy has the lowest priority and is in play only when permissions are not explicitly specified.

Permission Policies的更多相关文章

  1. SharePoint Security and Permission System Overview

    转:http://www.sharepointblues.com/2010/09/01/sharepoint-security-and-permission-system-overview/ Shar ...

  2. Using the Security System 使用安全系统

    In this lesson, you will learn how to use a Security System in the application. When you use this sy ...

  3. Request for the permission of type异常

    调用wcf调用的时候引发一个错误,错误信息如下: <Message>Request for the permission of type 'System.Configuration.Con ...

  4. apache 访问权限出错,apache selinux 权限问题, (13) Permission Denied

    今天在使用 httpd 做文件服务器的时候,发现 png 图像没有打开,但是原本www/html 文件夹内部的文件就可以打开.后来猜测是selinux 的问题,之前一直想写一篇关于selinux 的博 ...

  5. Android权限管理之Permission权限机制及使用

    前言: 最近突然喜欢上一句诗:"宠辱不惊,看庭前花开花落:去留无意,望天空云卷云舒." 哈哈~,这个和今天的主题无关,最近只要不学习总觉得生活中少了点什么,所以想着围绕着最近面试过 ...

  6. [Django]用户权限学习系列之Permission权限基本操作指令

    若需建立py文件进行测试,则在文件开始加入以下代码即可 #coding:utf-8 import os os.environ.setdefault("DJANGO_SETTINGS_MODU ...

  7. SharePoint 2103 Check user permission on list

    一.需求: check user 对SharePoint list 的permission 代码如下: private static string GetListPermission(SPList l ...

  8. vsftpd安装配置 530 Permission denied.错误

    yum install vsftpd service vsftpd start 530 Permission denied.错误 /etc/vsftpd/user_list    该文件里的用户账户在 ...

  9. RBAC中 permission , role, rule 的理解

    Role Based Access Control (RBAC)——基于角色的权限控制 permission e.g. creating posts, updating posts role A ro ...

随机推荐

  1. September 24th 2017 Week 39th Sunday

    To live is the rarest thing in the world. Most people exist. That is all. 生活是世间最罕见的事情:生存,却是世间最常见的事情: ...

  2. docker 部署django项目(nginx + uwsgi +mysql)

    最近在学习用docker部署Django项目,经过百折不挠的鼓捣,终于将项目部署成功,爬过好多坑,也发现很多技能需要提高.特此写下随笔与小伙伴们分享,希望能对大家有所启发. docker的理论我就不赘 ...

  3. HDU1407 测试你是否和LTC水平一样高

    题目大意:给出一个num,计算方程x^2+y^2+z^2 = num的第一个正整数解(字典序),0 < num <= 10000. 方法参考了网上的博客,自己打了一波,发现还有很多不懂的地 ...

  4. Rabbitmq.md

    RabbitMQ介绍 什么是RabbitMQ RabbitMQ是实现AMQP(高级消息队列协议)的消息中间件的一种,最初起源于金融系统,用于在分布式系统中存储转发消息,在易用性.扩展性.高可用性等方面 ...

  5. 1.6 Navigating This Book(本书导航)

    1.6 Navigating This Book(本书导航) 如果之前没有接触过Python,那么你应该在第2章和第3章多花一些时间.这两章介绍了Python语言的特性和IPython shell以及 ...

  6. swift直接赋值与引用赋值都会触发willSet

    class baseGoo{ var isScannerRunning = false { willSet{ print(newValue) } } var desp:String = "& ...

  7. UVa 1642 - Magical GCD(数论)

    链接: https://uva.onlinejudge.org/index.php?option=com_onlinejudge&Itemid=8&page=show_problem& ...

  8. 看到了一个pipeline例子,

    pipeline { agent any options { timestamps() } parameters { string(name: 'GIT_BRANCH', defaultValue: ...

  9. Java实现数据库操作

    Java实现数据库操作 这里的样例是使用mysql数据库 代码实现 /* MySQLHelper.java */ import java.io.*; import java.util.*; impor ...

  10. 文件上传之MultipartFile使用

    转载 文件断点上传,html5实现前端,java实现服务器 一.单/多文件上传使用例子: 工程路径如下 -src |--main.java    --controller    --service  ...