SamCooper / COMMON_SPEC_RIDS


Login Service: Include role privileges #75

Open dmarszk opened 6 years ago

dmarszk commented 6 years ago

In ground systems, a certain role always has a list of privileges associated with it. Having this information provided by the Login service would allow the consumer to know ahead what operations can be executed, and what operations would return _AUTHORISATIONFAIL.

Below I describe a proposed extension of the service.

Extend Common::Login::LoginRole ObjectBodyType from

MAL::Identifier roleName

to

MAL::Identifier roleName
List<Privilege> privileges

Add new abstract type Common::Login::Privilege and define at least 1 standard privilege filter type Common::Login::OperationPrivilege with body:

MAL::UShort area
MAL::UShort service
MAL::UOctet version
MAL::UShort operation

Each part of the OperationPrivilege filter should allow a wildcard value (i.e. UShort.MaxValue or UOctet.MaxValue).

Privilege could also be defined as a separate COM Object, referenced from Role by an Object Id. It would reduce communication overhead when more complex Privilege composites are used.
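
The following is an added example, not part of the original issue or of the specification: a Python sketch of how a consumer could evaluate the proposed `OperationPrivilege` wildcard filters to predict which planned operations would be refused. The Python class layout, the `predicted_refusals` helper, the default-deny rule and all numeric identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass

USHORT_WILDCARD = 0xFFFF  # UShort.MaxValue, the wildcard the proposal suggests
UOCTET_WILDCARD = 0xFF    # UOctet.MaxValue, likewise

# (field name, wildcard value) in the order of the proposed body
_FIELDS = (("area", USHORT_WILDCARD), ("service", USHORT_WILDCARD),
           ("version", UOCTET_WILDCARD), ("operation", USHORT_WILDCARD))


@dataclass(frozen=True)
class OperationPrivilege:
    area: int
    service: int
    version: int
    operation: int

    def __post_init__(self):
        # Reject values that do not fit the MAL field widths.
        for name, maximum in _FIELDS:
            if not 0 <= getattr(self, name) <= maximum:
                raise ValueError(f"{name} out of range: {getattr(self, name)}")

    def matches(self, target):
        # A filter field matches when it is the wildcard or equals the target.
        return all(getattr(self, name) in (wildcard, getattr(target, name))
                   for name, wildcard in _FIELDS)


@dataclass(frozen=True)
class LoginRole:
    role_name: str
    privileges: tuple = ()

    def permits(self, target):
        # Default deny (assumption): no matching privilege means refusal.
        return any(p.matches(target) for p in self.privileges)


def predicted_refusals(role, planned):
    """Return the planned operations the role's privileges do not cover."""
    return [op for op in planned if not role.permits(op)]


# Constructed sample: numeric identifiers are illustrative only.
OPERATOR = LoginRole("operator", (
    OperationPrivilege(4, 1, 1, USHORT_WILDCARD),  # every operation of 4/1 v1
    OperationPrivilege(4, 2, UOCTET_WILDCARD, 3),  # operation 3 of 4/2, any version
))
PLANNED = [OperationPrivilege(4, 1, 1, 7), OperationPrivilege(4, 1, 2, 7),
           OperationPrivilege(4, 2, 9, 3), OperationPrivilege(4, 2, 9, 4)]
```

Reserving the maximum values as wildcards means 65535 and 255 can no longer identify a concrete area, service, version or operation. A consumer-side check like this only predicts the outcome; the provider still has to enforce authorisation on every request.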