...
| Code Block | ||
|---|---|---|
| ||
{
"type": "ALLOW",
"action": "GET",
"resource": "/zones/18e1f27a-36b5-472f-a03c-6831fb78f97a/adaptors"
} |
Note the absence of the wildcard character.
This request can now can be made by the user:
| Code Block | ||
|---|---|---|
| ||
GET /zones/18e1f27a-36b5-472f-a03c-6831fb78f97a/adaptors |
However, this would not allow the user to view the individual adaptor resource details. For example, if the zone had an adaptor identified by the UUID 7c11c574-0e35-4c78-b572-222952156ac8, this request would be denied:
...
Using wildcards at times may not be desirable since it would allow allows access to resources that should be accessed by only the admin. For example:
...
If the requirement is to grant a user detailed access to adaptors in a zone but not grant access to the adaptor's registration information, then permission to adaptors in the zone must be granted on an adaptor-by-adaptor basis. For example, assume the zone in our examples has three adaptors:
...