Contractor usage

Herman Herman at AerospaceSoftware.com
Thu Nov 6 23:40:38 CST 2003


On Friday 07 November 2003 2:19 am, Derek Atkins wrote:
> Let me think about this and get back to you.  At a first
> approximation, the "user" should have some "user authentication
> context", and ALL engine APIs should require (either explicitly or
> implicitly) that context and verify the user's permission to perform
> the operation.
>
> Whether the underlying architecture is role-based, capability-based,
> or ACL-based can be decided later.  The important point is that every
> API function need to check the context for permission to perform the
> operation -- which requires each API to have access to the user
> context.
>
> -derek

Another option is to modify the User Interface according to the permission 
level of the user, so that some things just remain greyed out and 
unavailable.

Cheers,
-- 
Herman


More information about the gnucash-user mailing list