...
- Add an API to change the relationship between an AccessRequirement and a list of RestrictableObjects. This action will trigger a change message for each subject.
- Create will work the same.
- Update AccessRequirement APIs will only populate the ACCESS_REQUIREMENT and ACCESS_REQUIREMENT_VERSION tables.
- This option will keep the list of RestrictableObjectDescriptor in AccessRequirement DTO.
Pros:
- Friendly to users since their workflow will stay the same.
Cons:
- It is not clear that the association between a subject and an AccessRequirement is not a part of the AccessRequirement.
Option 2 - Allow
...
AccessRequirement to be created and listed without specifying Subjects
- Remove the list of RestrictableObjectDescriptor from AccessRequirement DTO.
- Create & Update AccessRequirement will not associate the AccessRequirement to any subjects.
- Add a new set of APIs to associate a subject with an AccessRequirement and to remove the association.
- Add new APIs to list the AccessRequirements one creates and has access to.
Pros:
- The API makes it clear that the association between a subject and an AccessRequirement doesn't change the AccessRequirement itself.
Cons:
- AccessRequirements themselves can have similar terms, and AccessRequirements do not have names. Without the context of which subject it applies to, it is hard for a user to identify which AccessRequirement they want.
- ACT members have to adapt to a new way to use AccessRequirement.