You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As the default behavior, we'd like to enforce the following:
CP APIs can only modify nodes below the user, such as user1 can have control over user1.A.B:C, but not over user2:X
DP API memorize can only write to corpuses directly below the user (? To be debated if this is necessary)
DP API recall can read only from corpuses that belong to the user, or belong to direct ancestors. Such as companyA.team1.user1 can read from the corpus companyA:C, but not companyA.team2:X. (This is for sharing corpuses at a higher level)
These default behaviors are based on the structure of the namespace, and should be intuitive/natural in most cases.
Note that this is also a temporary implementation. In the future we will be doing policy/role based authorization, in which case even though we likely want to maintain these default behaviors, we would implement them as policy/roles.
As the default behavior, we'd like to enforce the following:
user1can have control overuser1.A.B:C, but not overuser2:XcompanyA.team1.user1can read from the corpuscompanyA:C, but notcompanyA.team2:X. (This is for sharing corpuses at a higher level)These default behaviors are based on the structure of the namespace, and should be intuitive/natural in most cases.
Note that this is also a temporary implementation. In the future we will be doing policy/role based authorization, in which case even though we likely want to maintain these default behaviors, we would implement them as policy/roles.
TRACKS: #13
The text was updated successfully, but these errors were encountered: