Question about Authorization Manager
- From: John <ask@xxxxxx>
- Date: Fri, 17 Feb 2006 14:37:11 -0500
Hello,
I have a question about the configuration of tasks and operations, and how they are interpreted by the "Authorize" method of the security application block.
I have created an operation called "Print" and two tasks called "Access Financial Information" and "Print Check".
The definition of "Print Check" includes both the "Access Financial Information" task and the "Print" operation.
When a role is defined as having permission to only the operation "Print" and I attempt to authorize "Print Check", it succeeds. I don't understand why this would be considering the role has not been granted rights to the "Access Financial Information" task.
Could someone enlighten me to why access to lower level tasks are not required in order for authorization of the higher level task to occur? Is this a desired behavior of Authorization Manager, or has something gone awry?
.
- Follow-Ups:
- Re: Question about Authorization Manager
- From: John
- Re: Question about Authorization Manager
- Prev by Date: .net 2.0: exception getting DirectorySecurity on a particular directory
- Next by Date: Re: Question about Authorization Manager
- Previous by thread: .net 2.0: exception getting DirectorySecurity on a particular directory
- Next by thread: Re: Question about Authorization Manager
- Index(es):
Relevant Pages
|
