Real Time Information Director User Documentation
RTID Security and Auditing
Hewlett-Packard Company 8 529618 - 002
new policy classes. For example, a business might want to customize a provided data
model or base policy decisions on other information in its own data model.
For more information about the Director policy classes, see the Javadocs for the RTID
Security package.
Specifying the Policy Applicable to a Document
To indicate that access to a document is governed by a certain policy, you specify the
name of the policy class in the document definition, using a string of the form
"POLICY=PolicyName", as in the following example:
public PersonalData()
throws MetadataInconsistency, SQLException
{
super(documentRecord(), "PERSONALDATA", "INSERT
POLICY=PersonalPhysician");
}
The example above specifies that a document of type PERSONALDATA can be inserted
only by the patient’s personal physician. To allow the corresponding query
(PERSONALDATA_R) to be made by the patient or physician, we could modify the
metadata as follows:
public PersonalData()
throws MetadataInconsistency, SQLException
{
super(documentRecord(), "PERSONALDATA", "INSERT
POLICY=PersonalPhysician", "POLICY=SelfOrPersonalPhysician");
}
NOTE:
The generalized syntax for the statement to call the superclass for the
document definition is
super(documentRecord(), "
DOCUMENTNAME
", "
insert-options
", "
query-
options
");
where
DOCUMENTNAME
is the name of the document type.
insert-options
is a comma-separated list of options that apply to
insert or update transactions. The value “INVALID” signifies that the
document can’t be explicitly inserted: that is, the document is valid
only as the response to a query.
query-options
is a comma-separated list of options that apply to
queries. The value “INVALID” signifies that the document can be
inserted but not queried.