read/write access control, progress

Access control for operations is done, though only 5 of 25 samples have been completed. I expect to wrap it up tomorrow and then on to read/write access control.

Read/write will be a tad simpler to implement. Each operation gets an attribute which flags it as reading its context, updating its context or none. (None being no access to its context at all--as in the case of a login command.) Then we introduce an optional AccessControl DSec. Each section under the AccessControl DSec will indicate (via attributes) a user or user group name and the permitted access. Read/write access control then is only active when there is an AccessControl DSec.

Now of course we will want to add an AccessControl DSec to all the access control structures we've created--with write access for AdminGroup and read access for GuestGroup (which everyone is a member of).

We will also want an AccessControl DSec added to every user rolon, giving write access only to the owner.

Once all this is done we can move on to client/server architecture. Though we may want to take some time out to do a few queries. With all the access control structures, we've got pleanty of test data to exercise queries against, finally.