For as good as the keynotes were, there's still some confusion around roles based security. So I went to the session and I have to say that I was a little disappointed. This is a sore area and while version 10 makes some big strides, the Q&A afterwards left me with more questions than answers.
What I do know is:
It's Role Based
There are operations (lowest level, a window, report, etc.) for example an AP Window
that are grouped into tasks like processing AP
Which are grouped into a role like an AP clerk.
How is this different from classes? Well the third level makes huge difference. The task is essentially a function. So I can build security functions (enter AP, Cut AP checks, Post AP, etc) that are pretty independent of the user and then as the role changes, I can give and take away tasks without…