The direct object security manager is responsible for limiting
access to data referenced by an ID in URLs or forms.
A URL could look something like http://www.example.com/secretdata?user=42.
The user can easily change user=42 to user=43, thereby gaining access to
secret data. This manager is responsible for handling the model that
grants access to data.
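
The check described above, as an added example that is not this project's own code: an unchecked lookup that trusts the ID in the URL, next to one that consults an access model first. The names SECRET_DATA, ACCESS_MODEL, fetch_unchecked and fetch_checked, and the sample records, are hypothetical and constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: record ID -> secret payload.
SECRET_DATA = {42: "alice's secret data", 43: "bob's secret data"}

# Constructed access model: authenticated session user -> record IDs
# that user may read. The session user comes from the login session,
# never from the request parameters.
ACCESS_MODEL = {"alice": {42}, "bob": {43}}


class AccessDenied(Exception):
    """Raised when the session user is not entitled to the requested ID."""


def requested_id(url):
    """Return the integer `user` parameter of the URL.

    Missing, repeated or non-numeric values are rejected rather than guessed at.
    """
    values = parse_qs(urlparse(url).query).get("user", [])
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        raise ValueError("exactly one numeric 'user' parameter is required")
    return int(values[0])


def fetch_unchecked(url):
    """Unchecked form: trusts the ID in the URL, so editing 42 to 43 works."""
    return SECRET_DATA[requested_id(url)]


def fetch_checked(session_user, url):
    """Checked form: the access model must grant the ID to the session user."""
    record_id = requested_id(url)
    if record_id not in ACCESS_MODEL.get(session_user, set()):
        # Same error for "not yours" and "does not exist", so the
        # response does not reveal which IDs are in use.
        raise AccessDenied("not authorised for this object")
    return SECRET_DATA[record_id]
```
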