28/10/2008
Role Based Access Control
18
WE::U::P
Caveats
lYou have to provide user and group handling ("The semantics of users, groups,
processes and pages
are usually defined in another layer")
lNo admin interface to create rules
l"There is currently no way to specify a
token with spaces
or slashes.”
l“Diagnostics is poor. Unrecognized tokens
won't cause errors
or warnings.”
lNo precedence other than rule order (e.g. how
do I deny a tree
except for a sub-tree which is allowed).
lNo plugin methods matching/precedence caclulation.
But you could use the ideas and
code as a basis for
your own authorisation library.Have a look at the code on CPAN.