Pessimistic and Optimistic Security Approaches

The Landmark authorization model assumes a pessimistic approach down to the application or business class level. This means that:

  • A user cannot access anything in a product line until access to that product line is explicitly granted.

  • A user cannot access anything in a module, even if that user has been granted product line access, until access to the module is explicitly granted.

  • A user cannot access a business class or key field, even if that user has been granted product line and module access, until access to that class or key field is explicitly granted.

At the field level, the authorization model assumes an optimistic approach: once a user is granted access to a business class, all of its fields are accessible until specifically restricted.
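
The two approaches can be modeled as a small access check. This is an added example, not Landmark code or its rule syntax: the `Grants` structure, the `can_access` function and all sample names (PROD, HR, Employee, Salary) are assumptions made for illustration. Key fields would be checked in the same explicit-grant tier as the business class.

```python
from dataclasses import dataclass, field

# All names below (PROD, HR, Employee, Salary, ...) are constructed sample values.
@dataclass
class Grants:
    """Hypothetical stand-in for one user's assignments; not Landmark's data model."""
    product_lines: set = field(default_factory=set)      # {"PROD"}
    modules: set = field(default_factory=set)            # {("PROD", "HR")}
    classes: set = field(default_factory=set)            # {("PROD", "HR", "Employee")}
    restricted_fields: set = field(default_factory=set)  # {("PROD", "HR", "Employee", "Salary")}

def can_access(g, product_line, module=None, business_class=None, field_name=None):
    """Return (allowed, reason) for the deepest level named in the request."""
    # Pessimistic tiers: every level above the field needs its own explicit grant.
    if product_line not in g.product_lines:
        return False, "product line not granted"
    if module is None:
        return True, "product line granted"
    if (product_line, module) not in g.modules:
        return False, "module not granted"
    if business_class is None:
        return True, "module granted"
    if (product_line, module, business_class) not in g.classes:
        return False, "business class not granted"
    if field_name is None:
        return True, "business class granted"
    # Optimistic tier: a field is reachable unless a restriction names it.
    if (product_line, module, business_class, field_name) in g.restricted_fields:
        return False, "field restricted"
    return True, "field allowed by default"

def demo():
    user = Grants(
        product_lines={"PROD"},
        modules={("PROD", "HR")},
        classes={("PROD", "HR", "Employee")},
        restricted_fields={("PROD", "HR", "Employee", "Salary")},
    )
    # A class grant without the module grant above it is still denied.
    orphan = Grants(product_lines={"PROD"}, classes={("PROD", "GL", "Account")})
    return {
        "ungranted module": can_access(user, "PROD", "GL"),
        "granted class": can_access(user, "PROD", "HR", "Employee"),
        "restricted field": can_access(user, "PROD", "HR", "Employee", "Salary"),
        # A field nobody restricted (e.g. one added later) is exposed by default.
        "unlisted field": can_access(user, "PROD", "HR", "Employee", "BankAccount"),
        "class without module": can_access(orphan, "PROD", "GL", "Account"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The "unlisted field" case is the one to watch when reviewing assignments: under the optimistic field rule, a sensitive field stays readable to everyone with class access until a restriction is written for it.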