source: examples/python_tests/file_read_rt2/README @ 34e667d

mei_rt2mei_rt2_fix_1
Last change on this file since 34e667d was f824a9e, checked in by Mei <mei@…>, 12 years ago

1) add more doc to python_tests

  • Property mode set to 100755
File size: 1.3 KB
Line 
1#####################################################################
2# This example demonstrates using a parameters to control access to
3# files based on the attributes of the principals. files are named by
4# URNs and are not principals.
5#
6# A principal's access rights are controlled by the Alpha principal.  If a
7# principal has the role role::read(urn:filename) that
8# principal can read filename.  The policy is that the manager of the owner of
9# a file can read it. (Presumably the owner can, too, but that is not encoded
10# here.)
11#
12# The setup.py file creates four principals Alpha, Bob, Maryann and Joe
13#
14# The attr.py file lays out the policy that the manager of the owner of a file
15# can read it in Credential 1. Credential 2 establishes Bob as the manager of
16# Joe. and Credential 3 establishes Joe as the owner of the file.
17#
18# The query.py file runs 2 queries.  First it confirms that Bob can read
19# fileA, then it confirms that Maryann cannot.
20
21# file_read_rt2
22#
23# Credential 1 (alpha.read(?F) <- alpha.managerOf(?E:alpha.ownerOf(?F)))
24# [keyid:alpha].role:read([urn:?F])<-
25#    [keyid:alpha].role:managerOf([principal:?E[keyid:alpha].role:ownerOf([urn:?F])]
26
27# Credential 2
28#[keyid:Alpha].role:managerOf([Keyid:Joe]) <- [keyid:Bob]
29
30# Credential 3
31#[keyid:Alpha].role:ownerOf([urn:'file://fileA']) <- [keyid:Joe]
32
Note: See TracBrowser for help on using the repository browser.