Type Parameters:

T - type of the items the policy apply to
```
public interface AccessPolicy<T>
```
Access policy that drives the access to individual instances based on identity. Enforces if given identity (that is usually representing a user) can access given instance on various levels.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method	Description
`boolean`	`canCreateInstance(IdentityProvider identityProvider)`	Determines if given identity is allowed to create new instances of item this policy is attached to e.g. creating new process instances
`boolean`	`canDeleteInstance(IdentityProvider identityProvider, T instance)`	Determines if given identity is allowed to delete given instance
`boolean`	`canReadInstance(IdentityProvider identityProvider, T instance)`	Determines if given identity is allowed to read (view) given instance
`boolean`	`canSignalInstance(IdentityProvider identityProvider, T instances)`	Determines if given identity is allowed to signal given instance
`boolean`	`canUpdateInstance(IdentityProvider identityProvider, T instance)`	Determines if given identity is allowed to update given instance

- Method Detail
  - canCreateInstance
```
boolean canCreateInstance(IdentityProvider identityProvider)
```
    Determines if given identity is allowed to create new instances of item this policy is attached to e.g. creating new process instances
    
    Parameters:
    
    identityProvider - provider that delivers identity information such as name, roles
    
    Returns:
    
    true if given identity is allowed to create new instance
  - canReadInstance
```
boolean canReadInstance(IdentityProvider identityProvider,
                        T instance)
```
    Determines if given identity is allowed to read (view) given instance
    
    Parameters:
    
    identityProvider - provider that delivers identity information such as name, roles
    
    instance - actual instance to apply access policy to
    
    Returns:
    
    true if given identity is allowed to read instance
  - canUpdateInstance
```
boolean canUpdateInstance(IdentityProvider identityProvider,
                          T instance)
```
    Determines if given identity is allowed to update given instance
    
    Parameters:
    
    identityProvider - provider that delivers identity information such as name, roles
    
    instance - actual instance to apply access policy to
    
    Returns:
    
    true if given identity is allowed to update given instance
  - canDeleteInstance
```
boolean canDeleteInstance(IdentityProvider identityProvider,
                          T instance)
```
    Determines if given identity is allowed to delete given instance
    
    Parameters:
    
    identityProvider - provider that delivers identity information such as name, roles
    
    instance - actual instance to apply access policy to
    
    Returns:
    
    true if given identity is allowed to delete given instance
  - canSignalInstance
```
boolean canSignalInstance(IdentityProvider identityProvider,
                          T instances)
```
    Determines if given identity is allowed to signal given instance
    
    Parameters:
    
    identityProvider - provider that delivers identity information such as name, roles
    
    instance - actual instance to apply access policy to
    
    Returns:
    
    true if given identity is allowed to signal given instance

Interface AccessPolicy<T>

Method Summary

Method Detail

canCreateInstance

canReadInstance

canUpdateInstance

canDeleteInstance

canSignalInstance