Page History

...

Thus following will happen if the above regular user 'domainUserA' calls this command:

API access check

...

The APIlayer will call the APICheckers to see if the user is allowed to invoke this API
The PolicyBasedAccessChecker :: checkAccess(user, apiName) will check following:
— Find all groups the user belongs too: groupIDs = 1
— Find all 'Effective' policies the groups are associated to: policies = 1, 6
— If any policy 'Allows' the startVirtualMachine API, grant permission to make this call: Policy Id 6 and Permission Id 3 allow the API to be invoked for this user.

• Entity Access Check: The @ACL annotation invokes the SecurityChecker implementation

...