B
bronco
Guest
Just my 2c: I would keep the roles pretty simple. For example api_user (or maybe a bit more specific crm_api_user, finance_api_user). When you log in to an IHybridRealm implementation you can assign the roles to a user. These roles can be used in oeablSecurity.csv to keep people out. Now the nitty gritty auth can be done within 4GL: create a generic WebHandler and program in that WebHandler do the check against your user/resource auth matrix. The advantage is that you don't have to "mess" with the PASOE config too much and it can be altered at runtime with immediate effect. hth
Continue reading...
Continue reading...