You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Pillar <so...@hotmail.com> on 2013/07/26 16:36:08 UTC

Updating roles and permissions for related Subjects

The question and answer  here
<http://shiro-user.582556.n2.nabble.com/How-to-add-a-role-to-the-subject-td5562700.html#a5564409>  
tell us how to invalidate the AuthorizationInfo (by clearing cache) for a
user that caused the event that requires updated roles and permissions.

How do we handle modifying other users' permissions that are affected by
this?

For example, an Agent is managed by an Admin. The Admin can do whatever the
Agent can do. However, there are sets of Admins and Agents. Say Agent1
creates ResourceA. Admin1 manges Agent1. So Admin1 and Agent1 can modify
ResourceA. But Admin1 and Agent1 cannot modify ResourceB that was created by
another Agent2 managed by another Admin2.  

If Agent1 deletes ResourceA, we can invalidate their AuthorizationInfo, but
how do we propagate that event to Admin (or other Subjects') sessions?



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Updating-roles-and-permissions-for-related-Subjects-tp7578957.html
Sent from the Shiro User mailing list archive at Nabble.com.