You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by Anil Patel <to...@gmail.com> on 2007/01/03 00:00:34 UTC

Security Permission check conventions/ best practices

Hi,
A question on current accepted best practices for Permission check in CRUD
services. I see the service createPartyRole checks for _ROLE_CREATE in Party
component. In most of the recent development I see _CREATE required instead
of entity specific like _ROLE_CREATE.

I thought to spend sometime to modernize the createPartyRole and
deletePartyRole services, I mean rewrite them in simple method. I am not
sure what kind of security permission check should I use.

Any thoughts!

Regards
Anil Patel