Actions are labels that correspond to bit positions in a 32 bit integer. The specific meaning of each of the standard actions depends on the Oware application. If you check for the action Read and receive a response from the security manager, then your application code must make some decision based on the response. Application code is what gives meaning to the label. The actions available are:

Standard Actions

• Read

• Write

• Execute

• Browse

• Add

• Delete

• Rename

• Compare

• Add_Self

Special Actions

• Attr_Supervisor

• Attr_Inherit

• Entry_Supervisor

• Entry_Inherit

The special actions control how Oware evaluates permissions. The Inherit Actions control permissions inheritance. The Supervisor Actions indicate that a Principal has a superset of rights.

The distinction between Entry_Supervisor and Attr_Supervisor is important because it separates control of secured objects from the control of the objects’ attributes. For example, an Attr_Supervisor could change any of the objects attributes but could not delete the object itself.


You may create OWPermissions using an integer instead of the action labels. See the JavaDocs for details.

Targets are represented in OWPermissions by an arbitrary string, the syntax of which depends of your application. The simple target string within an OWPermission is only one part of a compound Target used during permission evaluation. The full compound Target consists of a unique identifier of the secured object and the Target string. For example:

Com.dorado.myapp.myAppObject1 : thisIsTheTargetString

The special Target strings

Com.dorado.myapp.myAppObject1 : [ENTITY]