The access package contains classes and resources pertaining to access checking. Access checking is defined as determining whether a given security context is granted or denied a specific permission on a given object.
Glossary
Security Context
Commonly referred to as the current user or current session, it really
equates to the security token that a user obtained from the authentication system
and that maps to a specific identity (a collection of accounts, namespaces, groups,
and roles) in the authorization system.
Identity
The identity is the collection of subjects (in this application namespaces,
accounts, groups, and roles) that a security context appears as. All of the
permissions granted or denied for a given subject extend to every security
context whose identity includes that subject.
Permission
A permission is a fixed token that can be granted or denied for a given
namespace, account, group, or role on a particular object.
Policy
A policy is a statement that either grants or denies a set of permissions
for a particular subject (namespace, account, group, or role).
Access Rules
This section describes the rules which govern access to objects.
Evaluating Policies
When evaluating all of the policies pertaining to an object, a given identity
may be granted a permission by one or more policies while some other policy
denies that permission for the same identity. To resolve these conflicts
the following order of precedence is applied:
- if one or more policies deny a permission to the security context, the
permission is denied;
- if one or more policies grant a permission to the security context, and
none deny it, the permission is granted;
- if none of the policies either grant or deny the permission to the
security context, the permission is denied.
Access to an object is not only controlled by its policies; its disabled and owner properties also play a role.
When an object is disabled, all permissions are denied unless the security
context is granted either the write permission,
or the setPolicy permission (by evaluating the policies) or is the owner of
the object (which automatically grants all permissions).
The owner of an object is treated as an administrator in respect to that
object, therefore a security context deemed to be the owner of an object is
granted all permissions for that object, regardless of the object's policies.
As such, when a security context is the owner of an object and that object is
disabled, the security context is automatically granted the write permission,
which overrides the disabled state.
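The following is an added example, not code from the access package itself, that implements the rules described above in Python: deny-overrides precedence with default deny, the owner treated as administrator, and the disabled state lifted only when the policies grant write or setPolicy. The class names (`Policy`, `SecuredObject`, `SecurityContext`), the subject naming scheme (`acct:`, `group:`, `ns:`) and the sample data are all assumptions made for illustration; the page does not show the package's own types.

```python
from dataclasses import dataclass, field
from enum import Enum

# Hypothetical types for illustration; the page does not expose the package's own API.


class Effect(Enum):
    GRANT = "grant"
    DENY = "deny"


@dataclass(frozen=True)
class Policy:
    subject: str            # a namespace, account, group or role
    effect: Effect
    permissions: frozenset  # fixed permission tokens covered by this statement


@dataclass
class SecuredObject:
    owner: str                      # subject that owns the object
    disabled: bool = False
    policies: list = field(default_factory=list)


@dataclass(frozen=True)
class SecurityContext:
    identity: frozenset             # all subjects this context appears as


WRITE = "write"
SET_POLICY = "setPolicy"


def evaluate_policies(ctx, obj, permission):
    """Apply the precedence rules: any deny wins; otherwise any grant wins;
    otherwise the permission is denied (default deny)."""
    granted = False
    for policy in obj.policies:
        # Only policies for a subject in the identity, covering this permission, count.
        if policy.subject not in ctx.identity or permission not in policy.permissions:
            continue
        if policy.effect is Effect.DENY:
            return False        # a single deny overrides every grant
        granted = True
    return granted


def is_granted(ctx, obj, permission):
    """Full access check including the owner and disabled rules."""
    # The owner is an administrator for the object: every permission, regardless
    # of policies and regardless of the disabled state.
    if obj.owner in ctx.identity:
        return True
    if obj.disabled:
        # Disabled: everything denied unless the policies grant write or setPolicy
        # (reading of the page's rule; with either of those, normal evaluation proceeds).
        if not (evaluate_policies(ctx, obj, WRITE)
                or evaluate_policies(ctx, obj, SET_POLICY)):
            return False
    return evaluate_policies(ctx, obj, permission)


def demo():
    """Constructed sample data exercising each rule; returns a dict of outcomes."""
    obj = SecuredObject(owner="acct:bob", policies=[
        Policy("group:editors", Effect.GRANT, frozenset({"read", WRITE})),
        Policy("acct:alice", Effect.DENY, frozenset({WRITE})),
        Policy("acct:carol", Effect.GRANT, frozenset({"read"})),
        Policy("acct:dave", Effect.GRANT, frozenset({"read", WRITE})),
    ])
    alice = SecurityContext(frozenset({"acct:alice", "group:editors", "ns:default"}))
    bob = SecurityContext(frozenset({"acct:bob"}))
    carol = SecurityContext(frozenset({"acct:carol"}))
    dave = SecurityContext(frozenset({"acct:dave"}))

    results = {
        "alice read": is_granted(alice, obj, "read"),      # granted via group, no deny
        "alice write": is_granted(alice, obj, WRITE),      # explicit deny overrides the group grant
        "alice delete": is_granted(alice, obj, "delete"),  # no policy mentions it: default deny
        "bob delete": is_granted(bob, obj, "delete"),      # owner: granted without any policy
    }
    obj.disabled = True
    results["carol read disabled"] = is_granted(carol, obj, "read")  # read only: denied while disabled
    results["dave read disabled"] = is_granted(dave, obj, "read")    # holds write: disabled state lifted
    results["bob read disabled"] = is_granted(bob, obj, "read")      # owner overrides disabled
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {'granted' if outcome else 'denied'}")
```

Note that `evaluate_policies` short-circuits on the first matching deny but must scan all policies before concluding a grant, because a deny later in the list still has to override it; a naive "first match wins" loop would get the precedence wrong.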