how to grant different permissions for different users on same instance

Question

In my grails application I installed spring security acl and its working fine. I have one domain class customer and three roles i.e., admin,sales,others. How to grant permissions for different users on the same domain instance, i.e., For ROLE_ADMIN(create, read, delete and write), for ROLE_SALES(create, read) and ROLE_OTHERS(create,read,write).

Example: x is instance of customer created by admin role, who have permission to write, delete,read. For the same x instance, how to grant permissions read,write for sale role and create,read, write permission for other role

You can use anotations in the controller for the access control in the controller actions — Saurabh Dixit

grantmcconnaughey grantmcconnaughey · Accepted Answer · 2013-08-18T04:35:28

You can place @Secured authorization annotations at the class level or the method level. That way you can lock down your controller methods to certain roles. For example, if you have a Thing domain class that you want to control access on, then you can annotate its controller this way:

class ThingController {
    @Secured(['ROLE_ADMIN', 'ROLE_SALES', 'ROLE_OTHERS'])
    create() {
      // creation logic
    }

    @Secured(['ROLE_ADMIN', 'ROLE_SALES', 'ROLE_OTHERS'])
    read() {
      // read logic
    }

    @Secured('ROLE_ADMIN')
    delete() {
      // delete logic
    }

    @Secured(['ROLE_ADMIN', 'ROLE_OTHERS'])
    write() {
      // write logic
    }
}

Here is a good intro to Grails Spring Security article (look under "Adding Access Control" and "Annotations"). And here is the official Grails Spring Security documentation on the subject.

how to grant different permissions for different users on same instance

1 Answers