
Role-Based Security

 

Role-based security allows you to specify users, their roles and their permissions in a security ontology.

A short example:

:- module = $security.
:- importmodule $'security-core'.

// Users and the roles assigned to them
Joe:User[hasRole->ResearchAndDevelopmentMember].
Jane:User[hasRole->HumanResourcesMember].

// Roles and the modules they may read or write
ResearchAndDevelopmentMember:Role[
   hasReadPermission->Developers].

HumanResourcesMember:Role[
   hasReadPermission->Salaries;
   hasWritePermission->Salaries].

This means:

Joe has the role "ResearchAndDevelopmentMember" and therefore has read permission for the module "Developers" (which probably contains information about other developers, their projects and favorite programming languages).

Jane has the role "HumanResourcesMember", so she has access to the "Salaries" module, which contains interesting information about the salaries of all people working in the company.

Read more about permissions here.

Now suppose Joe is interested in the salaries of the other developers in his team. He executes the following query:

?X ?- ?X:Developer@Developers AND ?X[hasSalary->?Y]@Salaries.

The first part of this query is permitted: Joe has the right to access the "Developers" module. The second part is not: he does not have the required read access to the "Salaries" module, so he gets no answers.
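
The rule described above (a query is answered only if the user's roles grant read permission on every module it names) can be modelled outside the reasoner to review a security ontology. The following Python model is an added example, not code from this documentation or the product. The facts are a constructed sample in the page's syntax, the function names are hypothetical, and it assumes default deny for unknown users and roles and no role inheritance.

```python
import re

# Constructed sample facts in the page's syntax. Jane's role carries the
# Salaries permissions, as the prose describes (assumption of this example).
ONTOLOGY = """
Joe:User[hasRole->ResearchAndDevelopmentMember].
Jane:User[hasRole->HumanResourcesMember].
ResearchAndDevelopmentMember:Role[
   hasReadPermission->Developers].
HumanResourcesMember:Role[
   hasReadPermission->Salaries;
   hasWritePermission->Salaries].
"""
QUERY = "?X ?- ?X:Developer@Developers AND ?X[hasSalary->?Y]@Salaries."

FACT = re.compile(r"(\w+):(User|Role)\[(.*?)\]\.", re.S)
ATTR = re.compile(r"(\w+)\s*->\s*(\w+)")

def load(text):
    """Parse facts into user -> roles and role -> {(permission, module)}."""
    roles_of, perms_of = {}, {}
    for name, kind, body in FACT.findall(text):
        for attr, value in ATTR.findall(body):
            if kind == "User" and attr == "hasRole":
                roles_of.setdefault(name, set()).add(value)
            elif kind == "Role" and attr.endswith("Permission"):
                perms_of.setdefault(name, set()).add((attr, value))
    return roles_of, perms_of

def readable(user, roles_of, perms_of):
    """Modules the user may read; unknown users and roles get nothing."""
    return {mod for role in roles_of.get(user, ())
            for perm, mod in perms_of.get(role, ())
            if perm == "hasReadPermission"}

def audit_query(user, query, roles_of, perms_of):
    """Return (answerable, missing_modules) for the modules a query names."""
    needed = set(re.findall(r"@(\w+)", query))
    missing = sorted(needed - readable(user, roles_of, perms_of))
    return (not missing, missing)

ROLES, PERMS = load(ONTOLOGY)

if __name__ == "__main__":
    for user in ("Joe", "Jane"):
        print(user, audit_query(user, QUERY, ROLES, PERMS))
```

Under this model Jane cannot run Joe's query either, because her role grants no read permission on "Developers"; a query that names only "Salaries" is answerable for her.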