3.5.3. The @InheritsPrivileges Annotation
This annotation is used to configure privilege inheritence chains, and may either be applied to an
IdentityType property of an IdentityType class, or to an IdentityType property of a Relationship.
When defined to an
IdentityType property, it means instances inherit all privileges of the instance stored in the property annotated with @InheritsPrivileges. In the example below, childs groups inherit all privileges from their parents.
@IdentityStereotype(IdentityStereotype.Stereotype.GROUP) public class Group extends AbstractIdentityType { @InheritsPrivileges @AttributeProperty public Group getParentGroup() { return this.parentGroup; } }
The same thing can be done for relationships, if you want to promote inheritance considering a hierarchy of an
IdentityType.
@RelationshipStereotype(GRANT) public class Grant extends AbstractAttributedType implements Relationship { @InheritsPrivileges("role") @StereotypeProperty(RELATIONSHIP_GRANT_ASSIGNEE) public IdentityType getAssignee() { return this.assignee; } }
In this case, if this property is related with a
Group instance, all childs of this group inherit the roles granted to it.