The 3 Types of Security In Enterprise Applications

added by AdamBell
12/5/2010 3:14:56 PM

There are generally three types of security in enterprise applications:

1. Role based security - Which actions can a user do - aka role-based access control
2. Entity level security - A user can only perform an Action on certain objects/data - aka row level security
3. Field level security - A user can see or edit only certain fields of an entity (this is really fine grained and usually a bad idea)


12/5/2010 4:27:10 PM
I can't edit my description :( but this is my quick summary of how security logic can be abstracted away using the concept of 'Entity Groups' from Rhino Security. It certainly might not be right for every project, but a cohesive strategy for access control would be a big leap forward compared to a lot of projects I’ve worked on.