commit c7019603a25f2e840872c9c84bd4bcbeba52cc39
author Shawn McKinney <smckinney@apache.org> Sun Mar 17 02:08:55 2019 -0500
committer Shawn McKinney <smckinney@apache.org> Sun Mar 17 02:08:55 2019 -0500
tree bd0627abab3f7ab311ca1ef2814510f19e21b72a
parent c0563a921e7bb0d28eae61865b5a610974a5d1c6

+ more perms to table

README-SECURITY-MODEL.md

diff --git a/README-SECURITY-MODEL.md b/README-SECURITY-MODEL.md
index 998d940..a91c2e9 100644
--- a/README-SECURITY-MODEL.md
+++ b/README-SECURITY-MODEL.md
@@ -24,7 +24,7 @@
  * 1. Java EE security
  * 2. Apache CXF's **SimpleAuthorizingInterceptor**
  * 3. Apache Fortress **ARBAC02 Checks**
- * The list of APIs that enforce ARBAC role range and OU checks.
+ * The list of APIs that enforce ARBAC role range, org unit and ADMIN perm checks.
 ___________________________________________________________________________________
 
 ## Document Overview
@@ -127,7 +127,7 @@
  There are two types of organziations, User and Permission.  For example, de/assignUser(User, Role) will verify that the caller has an ADMIN role with a user org unit that matches the ou of the target user.  
  There is a similar check on grant/revokePermission(Role, Permission), verifying the caller has an activated ADMIN role with a perm org unit that matches the ou on the target permission.
 
-### The list of APIs that enforce ARBAC role range and OU checks.
+### The list of APIs that enforce ARBAC role range, org unit and ADMIN perm checks.
 
 |  #  | **Service**                    | Validate UserOU  | Validate PermOU | Role Range Check | **ADMIN Permission**                                                                              | 
 | --- | ------------------------------ | ---------------- | --------------- | ---------------- | ------------------------------------------------------------------------------------------------- |