摘要 |
Techniques for providing role-based security with instance-level granularity are provided. A security service detects a request made by a principal for access to a resource. Access to the resource is conditioned on a status of a role. The role is associated with the request, the principal, and the resource. The security service evaluates a constraint associated with the role to determine the status. The status is subsequently consumed to determine whether access to the resource for the purposes of satisfying the request is permissible.
|