A User can have multiple role memberships, each with its own defined context. Which memberships govern depends on the context of interest. If two memberships exist with overlapping contexts, the membership with the more focused context takes precedence. This can be shown in the following diagram.
In this scenario the user would not be able to edit anything contained within the “Springfield” Portfolio since the user has a membership which denies the Editor Role within the “Springfield” Portfolio context. However, editing the “Springfield Recreational Centre” facility would be allowed since the user also has a membership to the Editor Role granting privilege within the “Springfield Recreational Centre” context. To continue with this scenario, the membership mode could be switched such that editing is allowed within the “Springfield” portfolio but not within the “Springfield Recreational Centre” as shown in the following diagram.
In this case, the user could perform any editing operation as long as it is within the “Springfield” Portfolio but not within the “Springfield Recreational Centre” context.
Using this methodology, multiple memberships could be added to a user account to produce the desired security scenario.
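The precedence rule and both scenarios above can be modelled as a short resolver. This is an added example, not the product's own code: the names `PARENT`, `Membership` and `is_allowed`, the sibling facility "Springfield Library", and the two fallback behaviours (no governing membership means no access; conflicting memberships on one context deny) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed context hierarchy: child -> enclosing context (None = top level).
# "Springfield Library" is a hypothetical sibling facility added for contrast.
PARENT = {
    "Springfield": None,
    "Springfield Recreational Centre": "Springfield",
    "Springfield Library": "Springfield",
}

@dataclass(frozen=True)
class Membership:
    role: str
    context: str
    allow: bool  # True grants the role in this context, False denies it

def ancestry(context):
    """Yield the context itself, then each enclosing context, most focused first."""
    while context is not None:
        yield context
        context = PARENT.get(context)

def is_allowed(memberships, role, target):
    """Let the membership whose context is closest to the target decide."""
    for ctx in ancestry(target):
        modes = {m.allow for m in memberships
                 if m.role == role and m.context == ctx}
        if modes:
            # Assumption: a grant and a deny on the same context fail closed.
            return modes == {True}
    # Assumption: with no governing membership, access is denied.
    return False

# First scenario: deny on the portfolio, grant on the facility.
SCENARIO_1 = [
    Membership("Editor", "Springfield", allow=False),
    Membership("Editor", "Springfield Recreational Centre", allow=True),
]
# Second scenario: the membership modes are switched.
SCENARIO_2 = [
    Membership("Editor", "Springfield", allow=True),
    Membership("Editor", "Springfield Recreational Centre", allow=False),
]

if __name__ == "__main__":
    for name, scenario in (("1", SCENARIO_1), ("2", SCENARIO_2)):
        for target in PARENT:
            print(name, target, is_allowed(scenario, "Editor", target))
```

The sibling facility shows the inherited case: it has no membership of its own, so the portfolio-level membership governs it in both scenarios.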