...
Here are objects from the v2 domain model that have been designed far enough to think about permissions (designer = STUDY_DESIGNER):
| Object | Assoc | Role | Permissions | Note |
|---|---|---|---|---|
| Protocol/Study Arms | Organization (“owner”) | designer, developer | create, read, write | |
| | Study | designer, developer | read | |
| | | admin | delete | |
| Schedule | Study (“owner”) | designer, developer | create, read, write | |
| | | admin | delete | |
| Study Arm ScheduleSession | Organization (“owner”) | designer, developer | create, read, delete | |

Spring Security
This is the most complex option available, but we could use Spring Security's method-based security via annotations. Our service methods could then declare their security requirements using complex expression rules.
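
How the Schedule row of the table above might be declared with Spring Security method annotations, as an added example that is not code from this project. The role names `DEVELOPER` and `ADMIN`, the `StudyAccess` bean, and the `ScheduleService` methods are hypothetical; only `STUDY_DESIGNER` comes from the text above.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

@Configuration
@EnableMethodSecurity // turns on @PreAuthorize processing (Spring Security 5.6+)
class MethodSecurityConfig {}

// Hypothetical helper: answers "is this caller associated with the owning study?"
@Component("studyAccess")
class StudyAccess {
    // Constructed sample data: user name -> study IDs the user is associated with.
    private final Map<String, Set<String>> studiesByUser = Map.of("alice", Set.of("study-1"));

    public boolean canAccess(Authentication auth, String studyId) {
        return studiesByUser.getOrDefault(auth.getName(), Set.of()).contains(studyId);
    }
}

// #studyId resolves by parameter name, so compile with -parameters (Spring Boot's default).
@Service
class ScheduleService {
    private final Map<String, String> scheduleByStudy = new ConcurrentHashMap<>();

    // Schedule row: designer and developer may create/write, only within the owning study.
    @PreAuthorize("hasAnyRole('STUDY_DESIGNER','DEVELOPER') and @studyAccess.canAccess(authentication, #studyId)")
    public void saveSchedule(String studyId, String scheduleJson) {
        scheduleByStudy.put(studyId, scheduleJson);
    }

    @PreAuthorize("hasAnyRole('STUDY_DESIGNER','DEVELOPER') and @studyAccess.canAccess(authentication, #studyId)")
    public String getSchedule(String studyId) {
        return scheduleByStudy.get(studyId);
    }

    // Schedule row: delete is reserved for admin.
    @PreAuthorize("hasRole('ADMIN')")
    public void deleteSchedule(String studyId) {
        scheduleByStudy.remove(studyId);
    }
}
```

The role check and the ownership check sit in one expression, so a designer who holds the role but is not associated with the study is denied before the method body runs.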
...