mei_rt2mei_rt2_fix_1
Last change
on this file since c6d5da3 was
f824a9e,
checked in by Mei <mei@…>, 13 years ago
|
1) add more doc to python_tests
|
-
Property mode set to
100755
|
File size:
1.3 KB
|
Line | |
---|
1 | ##################################################################### |
---|
2 | # This example demonstrates using a parameters to control access to |
---|
3 | # files based on the attributes of the principals. files are named by |
---|
4 | # URNs and are not principals. |
---|
5 | # |
---|
6 | # A principal's access rights are controlled by the Alpha principal. If a |
---|
7 | # principal has the role role::read(urn:filename) that |
---|
8 | # principal can read filename. The policy is that the manager of the owner of |
---|
9 | # a file can read it. (Presumably the owner can, too, but that is not encoded |
---|
10 | # here.) |
---|
11 | # |
---|
12 | # The setup.py file creates four principals Alpha, Bob, Maryann and Joe |
---|
13 | # |
---|
14 | # The attr.py file lays out the policy that the manager of the owner of a file |
---|
15 | # can read it in Credential 1. Credential 2 establishes Bob as the manager of |
---|
16 | # Joe. and Credential 3 establishes Joe as the owner of the file. |
---|
17 | # |
---|
18 | # The query.py file runs 2 queries. First it confirms that Bob can read |
---|
19 | # fileA, then it confirms that Maryann cannot. |
---|
20 | |
---|
21 | # file_read_rt2 |
---|
22 | # |
---|
23 | # Credential 1 (alpha.read(?F) <- alpha.managerOf(?E:alpha.ownerOf(?F))) |
---|
24 | # [keyid:alpha].role:read([urn:?F])<- |
---|
25 | # [keyid:alpha].role:managerOf([principal:?E[keyid:alpha].role:ownerOf([urn:?F])] |
---|
26 | |
---|
27 | # Credential 2 |
---|
28 | #[keyid:Alpha].role:managerOf([Keyid:Joe]) <- [keyid:Bob] |
---|
29 | |
---|
30 | # Credential 3 |
---|
31 | #[keyid:Alpha].role:ownerOf([urn:'file://fileA']) <- [keyid:Joe] |
---|
32 | |
---|
Note: See
TracBrowser
for help on using the repository browser.