The access rules, control the access to life-cycle objects per user (see
javadoc). No access means Master- or SubConnection creation fails!
The feature is useful if your application menu is not hard-coded e.g. read it from a database or remote config files. Or it is great if you group some actions into life-cycle objects but it should not be possible, for every user, to call the actions. You need restrictions per user to access specific life-cycle objects.
It is possible to implement your own security manager or re-use the DBSecurityManager which offers a full reference implementation based on tables/views.
Do you develop something like
this?
Our showcase app
Packung! has such a dynamic menu.
Assumption:
You have roles and want to assign screens to roles.
You assign roles to users (means, a user has a list of screens).
The application menu is created automatically based on "user screens".
Possible solution:
You need tables for screens, roles, users. Create relations between them.
You should use the DBSecurityManager and use the USERS table as described [url=forum.sibvisions.com/viewtopic.php?f=11&t=149&p=201]here[/url].
If you use the DBSecurityManager, you should create a view (table is also possible but not so dynamic) with the name V_ACCESSRULES (columns: USERNAME, LIFECYCLENAME). The view should return the allowed life-cycle object names per user.
Now, a user is not able to call actions or objects from life-cycle objects that are not granted.