AccessControlHandler extends ActionEdgeSource, ContainsFunctions, ContainsOperations, ContainsValues, ContainsWires, GeneratesElements, NamedElement, ParameterEdgeDestination, RequiresEdgesSource

Within a Scope, enforces that all user access must satisfy certain access control requirements such as Roles and Permissions, as specified by outgoing RequiresEdges.

A Scope may contain at most one AccessControlHandler. All access to elements within this Scope, or its children Scopes, must first satisfy the AccessControlHandler. A AccessControlHandler must have at least one outgoing RequiresEdge, and each RequiresEdge must connect to either a Role or Permission.

A RequiresEdge may be connected to another RequiresEdge with a ConstraintEdge in order to support the composition of complex conditions. The composition of these outgoing RequiresEdges with any connecting ConstraintEdges represent the access requirements of the AccessControlHandler.

A AccessControlHandler has an associated user instance DomainIterator, which will only be populated when the current user satisfies the access requirements of the handler.

A AccessControlHandler may have an outgoing ECARule named ``login''. If the current user does not satisfy the access requirements of this AccessControlHandler, the ECARule is executed.



Implementation Notes

Inference Rules




Inherited Attributes



Inherited Children



Inherited References



Inherited Extensions