13 Hierarchical Roles - Reference Documentation

Authors: Burt Beckwith, Beverley Talbott

Version: 2.0.0

13 Hierarchical Roles

Hierarchical roles are a convenient way to reduce clutter in your request mappings.

| Property | Default Value | Meaning |
|---|---|---|
| roleHierarchy | none | Hierarchical role definition. |

For example, if you have several types of 'admin' roles that can be used to access a URL pattern and you do not use hierarchical roles, you need to specify all the admin roles:

package com.mycompany.myapp

import grails.plugin.springsecurity.annotation.Secured

class SomeController {

   @Secured(['ROLE_ADMIN', 'ROLE_FINANCE_ADMIN', 'ROLE_SUPERADMIN'])
   def someAction() {
      …
   }
}

However, if you have a business rule that says ROLE_FINANCE_ADMIN implies being granted ROLE_ADMIN, and that ROLE_SUPERADMIN implies being granted ROLE_FINANCE_ADMIN, you can express that hierarchy as:

grails.plugin.springsecurity.roleHierarchy = '''
   ROLE_SUPERADMIN > ROLE_FINANCE_ADMIN
   ROLE_FINANCE_ADMIN > ROLE_ADMIN
'''

Then you can simplify your mappings by specifying only the roles that are required:

package com.mycompany.myapp

import grails.plugin.springsecurity.annotation.Secured

class SomeController {

   @Secured(['ROLE_ADMIN'])
   def someAction() {
      …
   }
}

You can also reduce the number of granted roles in the database. Where previously you had to grant ROLE_SUPERADMIN, ROLE_FINANCE_ADMIN, and ROLE_ADMIN, now you only need to grant ROLE_SUPERADMIN.
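The implication rules above, worked through as an added example (not the plugin's own code): this standalone Groovy script expands a granted role into every authority the hierarchy implies, which is the set to review when you grant only ROLE_SUPERADMIN. The helper names parseHierarchy, effectiveRoles and isAllowed are hypothetical, and the script assumes one 'HIGHER > LOWER' pair per line, as in the configuration shown.

```groovy
// Added example: an illustrative re-implementation of the '>' rules, not the plugin's code.
// Helper names are hypothetical; one 'HIGHER > LOWER' pair per line is assumed.

// Parse the definition into a map: role -> roles it directly implies.
Map<String, Set<String>> parseHierarchy(String definition) {
    Map<String, Set<String>> implied = [:]
    definition.readLines()*.trim().findAll { it }.each { String line ->
        List<String> parts = line.split('>')*.trim()
        if (parts.size() != 2 || parts.any { !it }) {
            throw new IllegalArgumentException("Malformed hierarchy line: ${line}")
        }
        if (!implied.containsKey(parts[0])) {
            implied[parts[0]] = new LinkedHashSet<String>()
        }
        implied[parts[0]] << parts[1]
    }
    implied
}

// Transitive closure: the granted roles plus everything they imply, directly or not.
Set<String> effectiveRoles(Collection<String> granted, Map<String, Set<String>> implied) {
    Set<String> reachable = new LinkedHashSet<String>(granted)
    Deque<String> pending = new ArrayDeque<String>(granted)
    while (!pending.isEmpty()) {
        String role = pending.pop()
        for (String lower in (implied[role] ?: [])) {
            // add() returns false for a role already seen, so a cyclic definition terminates
            if (reachable.add(lower)) pending.push(lower)
        }
    }
    reachable
}

// Any one of the required roles suffices, as in the first controller above.
boolean isAllowed(Collection<String> granted, Collection<String> required,
                  Map<String, Set<String>> implied) {
    effectiveRoles(granted, implied).any { it in required }
}

String roleHierarchy = '''
   ROLE_SUPERADMIN > ROLE_FINANCE_ADMIN
   ROLE_FINANCE_ADMIN > ROLE_ADMIN
'''
Map<String, Set<String>> implied = parseHierarchy(roleHierarchy)
Set<String> all = ['ROLE_SUPERADMIN', 'ROLE_FINANCE_ADMIN', 'ROLE_ADMIN'] as Set

assert effectiveRoles(['ROLE_SUPERADMIN'], implied) == all            // one grant, three authorities
assert isAllowed(['ROLE_FINANCE_ADMIN'], ['ROLE_ADMIN'], implied)     // implication flows downward
assert !isAllowed(['ROLE_ADMIN'], ['ROLE_FINANCE_ADMIN'], implied)    // and never upward
implied.keySet().each { role -> println "${role} -> ${effectiveRoles([role], implied)}" }
```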