How to use CAZE with different types of objects
More often than not, applications expose more than one class of objects.
Because an authorization policy is inherently tied to a single object type, it is generally recommended
to define separate authorization policies for different types of application objects.
In a sense, an application itself can be thought of as an object type, and it
is usually helpful to define an authorization policy for the application as a whole.
For example, the Document Approval application (discussed in the
tutorial) defines one authorization policy for the document type and
another for the whole application.
The document authorization policy contains actions and properties appropriate for document
instances, such as update document or send document to approval.
The application authorization policy contains actions fitting the
application as a whole, for example create new document.
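
The split described above, as an added sketch in plain Python: it is not CAZE code and does not use the CAZE API. Only the action names come from the text; the `Policy` class, the users and the rules themselves (only the author may change a draft, only users with an `author` role may create documents) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

@dataclass
class Document:
    author: str
    state: str = "draft"

@dataclass
class Application:
    name: str = "Document Approval"

@dataclass
class Policy:
    """Hypothetical policy type: bound to exactly one object type."""
    object_type: type
    rules: Dict[str, Callable[[User, object], bool]] = field(default_factory=dict)

    def is_allowed(self, user, action, obj):
        # Fail closed: wrong object type or unknown action is denied.
        if not isinstance(obj, self.object_type):
            return False
        rule = self.rules.get(action)
        return bool(rule and rule(user, obj))

def author_of_draft(user, doc):
    # Assumed rule: only the author may act, and only while the document is a draft.
    return doc.author == user.name and doc.state == "draft"

# Per-instance actions live in the document policy.
document_policy = Policy(Document, {
    "update document": author_of_draft,
    "send document to approval": author_of_draft,
})

# No Document exists yet when creating one, so this action belongs to the application.
application_policy = Policy(Application, {
    "create new document": lambda user, app: "author" in user.roles,
})

if __name__ == "__main__":
    app, alice = Application(), User("alice", frozenset({"author"}))
    print(application_policy.is_allowed(alice, "create new document", app))
    print(document_policy.is_allowed(alice, "create new document", Document("alice")))
```

Asking the document policy about an application-level action, or handing either policy an object of the wrong type, is denied instead of falling through to a default allow.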