Contractor usage
Herman
Herman at AerospaceSoftware.com
Thu Nov 6 23:40:38 CST 2003
On Friday 07 November 2003 2:19 am, Derek Atkins wrote:
> Let me think about this and get back to you. At a first
> approximation, the "user" should have some "user authentication
> context", and ALL engine APIs should require (either explicitly or
> implicitly) that context and verify the user's permission to perform
> the operation.
>
> Whether the underlying architecture is role-based, capability-based,
> or ACL-based can be decided later. The important point is that every
> API function need to check the context for permission to perform the
> operation -- which requires each API to have access to the user
> context.
>
> -derek
Another option is to modify the User Interface according to the permission
level of the user, so that some things just remain greyed out and
unavailable.
Cheers,
--
Herman
More information about the gnucash-user
mailing list