授权性规则是指规定人们可为或不可为一定行为以及要求其他人为或不为一定行为的规则。 授权性规则可以分为职权性规则和权利性规则。
授权决定可以从应用程序分离并放进一套陈述性规则当中,即可把输入的安全声明转化为应用程序可识别的声明。
Authorization decisions can be pulled out of the application and put into a set of declarative rules that can transform incoming securing claims into claims that applications understand.
通过这种方式,您将能够利用厂商提供的强安全性基础设施,其中,业务要求需要支持复杂的授权规则。
This way you will be able to leverage the vendor-provided strong security infrastructure and, where business needs require, support more complex authorization rules.
取决于应用程序复杂性,或许可以开发一个使用元数据描述授权规则的自定义框架,以自动将安全更改应用到SQL。
Depending on the application complexity, it may be feasible to develop a custom framework that USES metadata to describe authorization rules and applies security changes to the SQL automatically.
应用推荐