When your application requests authorization, you pass the requested rights (an authorization rights set) to the Security Server. The Security Server compares the rights you pass to the keys in the policy database. When a match is found, the Security Server uses the rules associated with the key to determine authorization. For more information about the policy database, see “The Policy Database.”
You must create the rights your application uses. Rights use a hierarchical namespace. The right should begin with the reverse domain name of your organization. The right should then specify the name of your application and become more specific—for example, com.myOrganization.myProduct.myRight. Rights that are specific to Mac OS X have right names that begin with system.
Your right should represent an individual action on one or a group of targets. For example, a right might represent the individual action of restarting a daemon, such as com.myOrganization.myProduct.inetd.restart to restart the Internet daemon, or com.myOrganization.myProduct.daemons.restart to restart a group of daemons.
Because you can request multiple rights for the same user, there is no need to create rights that represent combinations of actions. For example, in a grades-and-transcripts application, if you name a right com.myOrganization.myProduct.transcripts.create and another right com.myOrganization.myProduct.grades.edit, there is no need for a separate right com.myOrganization.myProduct.createTranscriptsAndEditGrades.
The name you select for a right should make sense to the user. For example, system.finder.trash.empty is more readily understood than system.finder.trashDirectory.deleteFiles.
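The matching of requested rights against policy database keys, and a request carrying several rights at once, shown as an added example (a simplified Python model, not Apple's code or the Security Server's implementation). It assumes this lookup order: an exact key first, then the longest wildcard key (a key ending in a dot), then the default rule stored under the empty key. The database entries and rule names are constructed.

```python
# Simplified model of how requested rights are matched to policy database keys.
# Assumed lookup order: exact key, then longest wildcard key (ends in "."),
# then the default rule under the empty key "".
# All entries and rule names below are constructed for illustration.

POLICY_DB = {
    "": "default-rule",
    "system.": "system-wildcard-rule",
    "com.myOrganization.myProduct.": "product-wildcard-rule",
    "com.myOrganization.myProduct.daemons.restart": "restart-daemons-rule",
}


def match_key(right, db=POLICY_DB):
    """Return the policy database key that governs the requested right."""
    if right in db:
        return right  # exact match always wins
    # Only keys ending in "." act as wildcards; the most specific one applies.
    wildcards = [k for k in db if k.endswith(".") and right.startswith(k)]
    if wildcards:
        return max(wildcards, key=len)
    return ""  # nothing matched: the default rule decides


def resolve(rights, db=POLICY_DB):
    """Resolve every right in one request to its (matched key, rule) pair."""
    resolved = {}
    for right in rights:
        key = match_key(right, db)
        resolved[right] = (key, db[key])
    return resolved


if __name__ == "__main__":
    # One request carrying several single-action rights, as the text advises,
    # plus two rights that show where a request can land unexpectedly.
    request = [
        "com.myOrganization.myProduct.daemons.restart",  # exact key
        "com.myOrganization.myProduct.inetd.restart",    # product wildcard
        "com.myOrganization.myProductX.run",             # default rule only
        "system.finder.trash.empty",                     # system wildcard
    ]
    for right, (key, rule) in resolve(request).items():
        print(f"{right!r:50} key={key!r:34} rule={rule}")
```

A right with no entry of its own is decided by whichever wildcard or default rule it falls under, so check which key each of your rights actually resolves to before relying on it.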
Last updated: 2004-02-01