Example of Permission Checking
This example walks through a scenario for granting and revoking permissions to a user, and describes what happens as various operations are performed.
- User bob is working with a EMS application that subscribes to topics and displays any messages sent to those topics.
- User bob creates a subscription to
user.*
. This topic is the parent topic of each user. Messages are periodically sent to each user (for example, messages are sent to the topicuser.bob
). Because the same application is used by many users, the application creates a subscription to the parent topic. - User bob creates a subscription to topic
corp.news
. This operation fails because bob has not been granted access to that topic yet. - A message is sent to the topic
user.bob
, but the application does not receive the message because bob has not been granted access to the topic yet. - The administrator, as part of the daily maintenance for the application, grants access to topics for new users. The administrator grants the
subscribe
permission to topicuser.bob
andcorp.*
to userbob
. These grants occur dynamically, and userbob
is now able to receive messages sent to topicuser.bob
and can subscribe to topiccorp.news
. - The administrator sends a message on the topic
user.bob
to notify bob that access has been granted to allcorp.*
topics. - The application receives the new message on topic
user.bob
and displays the message. - User
bob
attempts to create a subscription for topiccorp.news
and succeeds. - A message is sent to topic
corp.news
. User bob’s application receives this message and displays it. - The administrator notices that bob is a contractor and not an employee, so the administrator revokes the subscribe permission on topic
corp.*
to userbob
.The subscription to
corp.news
still exists for userbob
’s application, butbob
cannot create any new subscriptions to children of thecorp.*
topic.