Pessimistic and Optimistic Security Approaches
The Landmark authorization model assumes a pessimistic approach down to the application or business class level. This means that
-
A user cannot access anything in a product line until access to that product line is explicitly granted.
-
A user cannot access anything in a module, even if that user has been granted product line access, until access to the module is explicitly granted.
-
A user cannot access a business class or key field, even if that user has been granted product line and module access, until access to a class or key field is explicitly granted.
At the field level, the authorization model assumes an optimistic approach: when granted access to the business class, all fields are then accessible until specifically restricted.