Contractor usage

Herman Herman at
Thu Nov 6 23:40:38 CST 2003

On Friday 07 November 2003 2:19 am, Derek Atkins wrote:
> Let me think about this and get back to you.  At a first
> approximation, the "user" should have some "user authentication
> context", and ALL engine APIs should require (either explicitly or
> implicitly) that context and verify the user's permission to perform
> the operation.
> Whether the underlying architecture is role-based, capability-based,
> or ACL-based can be decided later.  The important point is that every
> API function need to check the context for permission to perform the
> operation -- which requires each API to have access to the user
> context.
> -derek

Another option is to modify the User Interface according to the permission 
level of the user, so that some things just remain greyed out and 


More information about the gnucash-user mailing list