user principals (user, group)
roles assigned to principals (for RBAC, possibly stored in Mode's AccessControlManager ACL)
- coming from the object above the datastream or higher up
Just enforcing who can modify datastreams means determining node type and checking for that specific permission with respect to the role.
Restricting by datastream name or other metadata?

REST API-Based Authorization

These approached intercept JAX-RS requests and provide some form of policy enforcement around the API operation.

Page tree