Example of Permission Checking

This example walks through a scenario for granting and revoking permissions to a user, and describes what happens as various operations are performed.

  1. User bob is working with an EMS application that subscribes to topics and displays any messages sent to those topics.
  2. User bob creates a subscription to user.*. This topic is the parent topic of each user. Messages are periodically sent to each user (for example, messages are sent to the topic user.bob). Because the same application is used by many users, the application creates a subscription to the parent topic.
  3. User bob creates a subscription to topic corp.news. This operation fails because bob has not been granted access to that topic yet.
  4. A message is sent to the topic user.bob, but the application does not receive the message because bob has not been granted access to the topic yet.
  5. The administrator, as part of the daily maintenance for the application, grants access to topics for new users. The administrator grants user bob the subscribe permission on topics user.bob and corp.*. These grants take effect dynamically, and user bob is now able to receive messages sent to topic user.bob and can subscribe to topic corp.news.
  6. The administrator sends a message on the topic user.bob to notify bob that access has been granted to all corp.* topics.
  7. The application receives the new message on topic user.bob and displays the message.
  8. User bob attempts to create a subscription for topic corp.news and succeeds.
  9. A message is sent to topic corp.news. User bob’s application receives this message and displays it.
  10. The administrator notices that bob is a contractor and not an employee, so the administrator revokes the subscribe permission on topic corp.* from user bob.

    The subscription to corp.news still exists for user bob’s application, but bob cannot create any new subscriptions to children of the corp.* topic.
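
The ten steps above can be replayed against a small model of the checks. This is an added example, not TIBCO EMS code: the Broker class, its method names, the message bodies and the topic corp.events are constructed for illustration. It assumes that only wildcard subscriptions are re-checked at delivery time; the walkthrough does not say what happens to delivery on corp.news after the revoke, so the model does not exercise it.

```python
class Broker:
    def __init__(self):
        self.grants = set()  # (user, topic pattern) pairs holding "subscribe"
        self.subs = []       # (user, topic pattern, inbox) per subscription

    @staticmethod
    def matches(pattern, topic):
        # "*" stands for exactly one dot-separated element (user.*, corp.*).
        p, t = pattern.split("."), topic.split(".")
        return len(p) == len(t) and all(a in ("*", b) for a, b in zip(p, t))

    def allowed(self, user, topic):
        return any(u == user and self.matches(p, topic) for u, p in self.grants)

    def subscribe(self, user, pattern):
        # Specific topic: checked now. Wildcard: accepted, checked per message.
        if "*" not in pattern and not self.allowed(user, pattern):
            raise PermissionError(f"{user} may not subscribe to {pattern}")
        inbox = []
        self.subs.append((user, pattern, inbox))
        return inbox

    def publish(self, topic, body):
        for user, pattern, inbox in self.subs:
            # Assumption: only wildcard subscriptions are re-checked here.
            if self.matches(pattern, topic) and (
                    "*" not in pattern or self.allowed(user, topic)):
                inbox.append(body)

def can_subscribe(broker, user, topic):
    try:
        broker.subscribe(user, topic)
        return True
    except PermissionError:
        return False

def walkthrough():
    b = Broker()
    user_inbox = b.subscribe("bob", "user.*")                # step 2: accepted
    denied_first = not can_subscribe(b, "bob", "corp.news")  # step 3: fails
    b.publish("user.bob", "early message")                   # step 4: dropped
    b.grants |= {("bob", "user.bob"), ("bob", "corp.*")}     # step 5: grants
    b.publish("user.bob", "access granted")                  # steps 6-7
    corp_inbox = b.subscribe("bob", "corp.news")             # step 8: succeeds
    b.publish("corp.news", "headline")                       # step 9
    b.grants.discard(("bob", "corp.*"))                      # step 10: revoke
    still_there = any(p == "corp.news" for _, p, _ in b.subs)
    new_denied = not can_subscribe(b, "bob", "corp.events")  # constructed topic
    return denied_first, user_inbox, corp_inbox, still_there, new_denied
```

The point to take from the model is that a revoke only changes the grant table: subscriptions created while the grant was in force stay in place, so removing access fully also means dealing with the subscriptions the user already holds.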