public class AccessLevel extends java.lang.Object implements java.io.Serializable, java.lang.Comparable<AccessLevel>
An access level determines which users can access what data.
Each item has two access levels, which determine which users can read, update, or delete it. They are the item's only-read level and its read-or-write level.
Each store session has an access level. It can read an item if its access level is the same as or superior to the item's only-read level or the item's read-or-write level. It can update or delete the item if its access level is the same as or superior to the item's read-or-write level. If its level has been replaced then an exception is thrown when it attempts to create, read, update or delete an item.
The rationale for having an only-read level and a read-or-write level, as opposed to simply having a read level and a write level, is that:
Access levels also determine the circumstances in which users can read, update, or delete triples. A session can read a triple if it can read the triple's subject and verb and also its object if that is an item. A session can update or delete a triple if it can write the triple's subject, can read the the triple's verb and also can read the triple's object if that is an item.
Each access level is represented by an item. The access levels of that item control access to the access level that it represents.
There is a superiority relation between access levels such that, if one access level is superior to another, anything that can be done at the inferior level can also be done at the superior level.
This is a powerful feature that system managers can use to control access to information. For example, an access level could be defined to control access to a company's pricing discount data. Another access level could be defined for people with a sales role. Making this level superior to the first one gives the sales team access to the pricing discount data.
The superiority relation is, in the mathematical sense, reflexive and transitive, but not symmetric. "Reflexive" means that an access level is superior to itself. "Transitive" means that if access level A is superior to B, and B is superior to C, then A is superior to C. So, if an access level is defined for people with a sales manager role, and is made superior to the level for the sales role, then sales managers will also have access to the pricing discount data. "Not symmetric" means that, if A is superior to B, then B is not necessarily superior to A. The sales managers can be given access to data that the sales team cannot see.
An organisation defines a number of access levels to control access to its information, and states that some are superior to others. Because the superiority relation is transitive, a level can be superior to another without this being stated explicitly (as, in the example, is the case for the sales manager level and the pricing discount access level).
An access level defined by one organisation can be superior to an access level defined by another. The company in the example might appoint another company as a distributor of its products, and make the distributor's sales role access level superior to its pricing discount access level. (In such a situation, the access levels would probably be in different sources, with the distributor's sales role access level in a source owned by the distributor, and the pricing discount access level in a source owned by the producer.)
With access levels in different organizations, the question arises of which organization should be able to make a level superior to another. In the example above, we would expect the producer to have control over whether the distributor's sales role level should be superior to its pricing discount level. In other cases, however, an organization might want to control whether another organization's level is inferior to one of its levels. For example, it might wish to prevent its people from accessing information that it would then have to pay for, or that would put it in breach of a commercial or ethical policy. The principle is therefore adopted that both organizations must give permission for a level to be superior to another. Once both have done so, a stated relationship between the two levels is created automatically. Either can revoke its permission at any time, and the stated relationship is then automatically removed.
There are two built-in access levels:
Modifier and Type | Method and Description |
---|---|
boolean |
canBeReadBy(StoreSession session)
Determine whether the access level can be read by
a store session.
|
boolean |
canBeWrittenBy(StoreSession session)
Determine whether the access level can be written
by a store session.
|
int |
compareTo(AccessLevel other) |
boolean |
equals(java.lang.Object o) |
Id |
getEffectiveItemId()
Get the identifier of the item that represents
the access level or its ultimate replacement
|
Item |
getItem()
Get the item that represents the access level.
|
Id |
getItemId()
Get the identifier of the item that represents
the access level
|
int |
hashCode() |
boolean |
hasSuperior(AccessLevel level)
Determine whether a given access level is
superior to this one
|
boolean |
isCurrent()
Determine whether the access level is current, meaning that
it has not been replaced and its item is current.
|
java.lang.String |
toString() |
public Item getItem() throws TripleStoreNonFatalException
TripleStoreNonFatalException
public Id getItemId() throws TripleStoreNonFatalException
TripleStoreNonFatalException
public Id getEffectiveItemId() throws TripleStoreNonFatalException
TripleStoreNonFatalException
public boolean isCurrent()
public boolean hasSuperior(AccessLevel level) throws TripleStoreNonFatalException
TripleStoreNonFatalException
- if this or
the given level is invalidpublic boolean canBeReadBy(StoreSession session) throws TripleStoreNonFatalException
session
- a store sessionTripleStoreNonFatalException
public boolean canBeWrittenBy(StoreSession session) throws TripleStoreNonFatalException
session
- a store sessionTripleStoreNonFatalException
public boolean equals(java.lang.Object o)
equals
in class java.lang.Object
public java.lang.String toString()
toString
in class java.lang.Object
public int compareTo(AccessLevel other)
compareTo
in interface java.lang.Comparable<AccessLevel>
public int hashCode()
hashCode
in class java.lang.Object