Download GemStone/S Programming Guide

Object Security and Authorization
How GemStone Security Works
Figure 7.2 Multiple Segment Assignments for a Compound Object
anEmployee
Segment1
Owner (System Admin): Write
Group1 (Personnel): Write
World: Read
name
salaryHistory
Segment2
Owner (System Admin): Write
Group1 (Personnel): Read
Group2 (Payroll): Write
World: None
dept.
Every GemStone object is associated with a segment, except for objects of classes
True, False, and SmallInteger. When objects are created, they are assigned to a
default (the creator’s current) segment unless specified otherwise.
Collections
When you assign collections of objects to segments, you must distinguish the
container from the items it contains. Each of the items must also be assigned to the
proper segment. Distinguishing between a collection and the objects it contains
allows you to create collections most elements of which are publicly accessible,
while some elements are sensitive.
December 2001
GemStone Systems, Inc.
7-7