commit 57c6f09d1bb78eb25304c49b8dc59b5a7e6830ec
author Shawn McKinney <smckinney@apache.org> Sat Mar 16 18:05:41 2019 -0500
committer Shawn McKinney <smckinney@apache.org> Sat Mar 16 18:05:41 2019 -0500
tree d6713612e6ed80b5f44d9162033a4513f1b318a1
parent 185c3eff735805341d0c109a735a75d058777b51

cleanup

README-SECURITY-MODEL.md

diff --git a/README-SECURITY-MODEL.md b/README-SECURITY-MODEL.md
index b98f043..0af4d6c 100644
--- a/README-SECURITY-MODEL.md
+++ b/README-SECURITY-MODEL.md
@@ -78,27 +78,27 @@
 
 The ARBAC checks include the following:
 
-1. All service invocations map to DelAdminMgr.checkAccess calls using an ADMIN perm that corresponding with the service/API being called, e.g. org.apache.directory.fortress.core.impl.AdminMgrImpl.addUser.  
+1. All service invocations map to DelAccessMgr.checkAccess calls using an ADMIN perm that corresponding with the service/API being called, e.g. *org.apache.directory.fortress.core.impl.AdminMgrImpl.addUser*.  
  This means at least one ADMIN role activates that has been granted the required permission.
 
-2. The assignUser, deassignUser, grantPermission, revokePermission APIs enforce administrative authority over the RBAC role being targeted. This is being done by establishing a range of roles (hierarchically), for which the target role falls inside.
-
+2. The *assignUser*, *deassignUser*, *grantPermission*, *revokePermission* APIs enforce administrative authority over the RBAC role being targeted. 
+ This is being done by establishing a range of roles (hierarchically), for which the target role falls inside.   
  For example, the following top-down contains an RBAC role hierarchy for a fictional software development organization:
 
  ```
-        CTO
+        *CTO*
+          |
+     |         |
+   *ENG*      *QC*
+   |   |     |    |   
+ *E1* *E2* *Q1*  *Q2*
+     |         |
+   *DA*       *QA*
          |
-     |       |
-    ENG      QC
-   |   |   |    |   
- E1   E2  Q1    Q2
-    |        |
-   DA        QA
-         |
-         A
+        *A*
  ```
     
- Where a role called 'CTO' is the highest ascendant in the graph, and 'A' is the lowest descendant. In a top-down role hierarchy, privilege increases as we descend downward.  So a person with role 'A' inherits all that are above.
+ Where a role called *CTO* is the highest ascendant in the graph, and *A* is the lowest descendant. In a top-down role hierarchy, privilege increases as we descend downward.  So a person with role *A* inherits all that are above.
 
  In describing a range of roles, *beginRange* is the lowest descendant in the chain, and *endRange* the highest. Furthermore a bracket, '[', ']', indicates inclusiveness, whereas parenthesis indicates exclusiveness for a particular endpoint.
 
@@ -116,7 +116,7 @@
 
  Which means they won't have to pass the role range test.  All others use the range field to define authority over a particular set of roles, in a hierarchical structure. 
                                          
-3. Some APIs on the AdminMgr do organization checks, matching the org on the admin role with that on the target.  There are two types of organziations, User and Permission.
+3. Some APIs on the *AdminMgr* do organization checks, matching the org on the admin role with that on the target.  There are two types of organziations, User and Permission.
 
  For example, de/assignUser(User, Role) will verify that the caller has an admin role with a matching user org unit (UserOU) on the target role.