Using an authorization service offers greater control than using a role service, but the API is more complicated than the role service API.
The role service acts server-wide, and evaluates user membership in declared EAServer roles associated with a resource (package, component, method, or Web resource collection).
An authorization service can control access to all resources on a server, or only those in a particular application, Web application, or package. With the authorization service, you can allow or deny access to resources with no dependencies on roles configured in EAServer.
You can use both a role service and an authorization service. For example, you may wish to use a role service to preserve the ability to configure role-based resource permissions in EAServer Manager, but use the authentication service to create audit logs of user access to resources.
Copyright © 2005. Sybase Inc. All rights reserved. |