Read Access Control

Read access to a branch is restricted by (1) preventing users from creating their own accounts in the branch and (2) removing the query privilege from guests and known guests. (A known guest is a user who has logged in to COODBMS but who does not have an account in the branch.)

First we will block the use of the createMyAccount command, so that only an administrator for that branch can create accounts:

guest >
login JaneDoe jd
2008.03.24-00:01:31-136 createMyMasterAccount
JaneDoe >
database test.cowdb
JaneDoe test.cowdb >
branch trunk
JaneDoe test.cowdb trunk /USERS/JaneDoe >
wellknown
[1] /OPERATIONS
[2] /OPERATION_GROUPS
[3] /USERS
[4] /USER_GROUPS
JaneDoe test.cowdb trunk /USERS/JaneDoe [go] >
2
JaneDoe test.cowdb trunk /OPERATION_GROUPS >
children
[1] @/AdminOperations == /OPERATION_GROUPS/AdminOperations
[2] @/GuestOperations == /OPERATION_GROUPS/GuestOperations
[3] @/KnownGuestOperations == /OPERATION_GROUPS/KnownGuestOperations
[4] @/QueryOperations == /OPERATION_GROUPS/QueryOperations
[5] @/UserOperations == /OPERATION_GROUPS/UserOperations
JaneDoe test.cowdb trunk /OPERATION_GROUPS [go] >
3
JaneDoe test.cowdb trunk /OPERATION_GROUPS/KnownGuestOperations >
children
[1] @/createMyAccount == /OPERATIONS/createMyAccount
JaneDoe test.cowdb trunk /OPERATION_GROUPS/KnownGuestOperations [go] >
removeChild createMyAccount
JaneDoe test.cowdb trunk /OPERATION_GROUPS/KnownGuestOperations >

Here we have removed the createMyAccount operation Rolon from the KnownGuestOperations group. Now only an administrator can create accounts in this branch:

JaneDoe test.cowdb trunk /OPERATION_GROUPS/KnownGuestOperations >
createAccount JohnSmith
JaneDoe test.cowdb trunk /OPERATION_GROUPS/KnownGuestOperations >

Now we need to remove the query privilege from guests:

JaneDoe test.cowdb trunk /OPERATION_GROUPS/KnownGuestOperations >
wellknown
[1] /OPERATIONS
[2] /OPERATION_GROUPS
[3] /USERS
[4] /USER_GROUPS
JaneDoe test.cowdb trunk /OPERATION_GROUPS/KnownGuestOperations [go] >
4
JaneDoe test.cowdb trunk /USER_GROUPS >
children
[1] @/AdminGroup == /USER_GROUPS/AdminGroup
[2] @/GuestGroup == /USER_GROUPS/GuestGroup
[3] @/KnownGuestGroup == /USER_GROUPS/KnownGuestGroup
[4] @/UserGroup == /USER_GROUPS/UserGroup
JaneDoe test.cowdb trunk /USER_GROUPS [go] >
2
JaneDoe test.cowdb trunk /USER_GROUPS/GuestGroup >
rtree
[1] @
[2] @/CU
[3] @/CU/PARENTS
[4] @/CU/CHILDREN
[5] @/CU/OperationGroups
JaneDoe test.cowdb trunk /USER_GROUPS/GuestGroup [go] >
5
JaneDoe test.cowdb trunk /USER_GROUPS/GuestGroup/CU/OperationGroups >
show
<?xml version='1.0' encoding='UTF-8'?>
<orderedSec name='OperationGroups' ascension='2'>
  <handle name='#1'>
/OPERATION_GROUPS/GuestOperations
  </handle>
  <handle name='#2'>
/OPERATION_GROUPS/QueryOperations
  </handle>
</orderedSec>
JaneDoe test.cowdb trunk /USER_GROUPS/GuestGroup/CU/OperationGroups >
remove #2
JaneDoe test.cowdb trunk /USER_GROUPS/GuestGroup/CU/OperationGroups >
show
<?xml version='1.0' encoding='UTF-8'?>
<orderedSec name='OperationGroups' ascension='2'>
  <handle name='#1'>
/OPERATION_GROUPS/GuestOperations
  </handle>
</orderedSec>
JaneDoe test.cowdb trunk /USER_GROUPS/GuestGroup/CU/OperationGroups >

Here we have removed the link from the GuestGroup's OperationGroups CSec that referenced QueryOperations.

Now we just need to do the same thing for the KnownGuestGroup:

JaneDoe test.cowdb trunk /USER_GROUPS/GuestGroup/CU/OperationGroups >
parents
[1] /USER_GROUPS
JaneDoe test.cowdb trunk /USER_GROUPS/GuestGroup/CU/OperationGroups [go] >
1
JaneDoe test.cowdb trunk /USER_GROUPS >
children
[1] @/AdminGroup == /USER_GROUPS/AdminGroup
[2] @/GuestGroup == /USER_GROUPS/GuestGroup
[3] @/KnownGuestGroup == /USER_GROUPS/KnownGuestGroup
[4] @/UserGroup == /USER_GROUPS/UserGroup
JaneDoe test.cowdb trunk /USER_GROUPS [go] >
3
JaneDoe test.cowdb trunk /USER_GROUPS/KnownGuestGroup >
rtree
[1] @
[2] @/CU
[3] @/CU/PARENTS
[4] @/CU/CHILDREN
[5] @/CU/OperationGroups
JaneDoe test.cowdb trunk /USER_GROUPS/KnownGuestGroup [go] >
5
JaneDoe test.cowdb trunk /USER_GROUPS/KnownGuestGroup/CU/OperationGroups >
show
<?xml version='1.0' encoding='UTF-8'?>
<orderedSec name='OperationGroups' ascension='3'>
  <handle name='#1'>
/OPERATION_GROUPS/KnownGuestOperations
  </handle>
  <handle name='#2'>
/OPERATION_GROUPS/GuestOperations
  </handle>
  <handle name='#3'>
/OPERATION_GROUPS/QueryOperations
  </handle>
</orderedSec>
JaneDoe test.cowdb trunk /USER_GROUPS/KnownGuestGroup/CU/OperationGroups >
remove #3
JaneDoe test.cowdb trunk /USER_GROUPS/KnownGuestGroup/CU/OperationGroups >
show
<?xml version='1.0' encoding='UTF-8'?>
<orderedSec name='OperationGroups' ascension='3'>
  <handle name='#1'>
/OPERATION_GROUPS/KnownGuestOperations
  </handle>
  <handle name='#2'>
/OPERATION_GROUPS/GuestOperations
  </handle>
</orderedSec>
JaneDoe test.cowdb trunk /USER_GROUPS/KnownGuestGroup/CU/OperationGroups >

Read access to the trunk branch of test.cowdb is now secured. Only users with accounts in this branch can examine its content, and only an administrator can create those accounts.
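
A check for the end state of this procedure, as an added example that is not part of the original page or of COODBMS: it parses the text printed by show and children, pasted in by hand from a session, and reports any guest group that still links to QueryOperations and any createMyAccount left in KnownGuestOperations. The function names (linked_groups, listed_children, audit) are this example's own, and it assumes the output formats shown in the sessions above.

```python
import re
import xml.etree.ElementTree as ET

QUERY_OPS = "/OPERATION_GROUPS/QueryOperations"
SELF_SIGNUP = "/OPERATIONS/createMyAccount"
CHILD_LINE = re.compile(r"^\[\d+\]\s+@/\S+\s+==\s+(\S+)$")

def linked_groups(show_output):
    """(handle name, target path) pairs from an OperationGroups `show` dump."""
    # strip(): the XML declaration must be the first thing the parser sees
    root = ET.fromstring(show_output.strip().encode("utf-8"))
    if root.tag != "orderedSec" or root.get("name") != "OperationGroups":
        raise ValueError("not an OperationGroups section")
    return [(h.get("name"), (h.text or "").strip()) for h in root.iter("handle")]

def listed_children(children_output):
    """Target paths from the lines of a `children` listing."""
    hits = (CHILD_LINE.match(l.strip()) for l in children_output.splitlines())
    return [m.group(1) for m in hits if m]

def audit(guest_shows, known_guest_ops_children):
    """Return findings; an empty list means guests cannot query or self-register."""
    findings = []
    for group, text in guest_shows.items():
        for handle, target in linked_groups(text):
            if target == QUERY_OPS:
                findings.append(f"{group}: {handle} still links to {QUERY_OPS}")
    if SELF_SIGNUP in listed_children(known_guest_ops_children):
        findings.append("KnownGuestOperations still offers createMyAccount")
    return findings

# Sample input: KnownGuestGroup output from the session above, before `remove #3`
SHOW_BEFORE = """<?xml version='1.0' encoding='UTF-8'?>
<orderedSec name='OperationGroups' ascension='3'>
  <handle name='#1'>
/OPERATION_GROUPS/KnownGuestOperations
  </handle>
  <handle name='#2'>
/OPERATION_GROUPS/GuestOperations
  </handle>
  <handle name='#3'>
/OPERATION_GROUPS/QueryOperations
  </handle>
</orderedSec>"""
CHILDREN_BEFORE = "[1] @/createMyAccount == /OPERATIONS/createMyAccount"

if __name__ == "__main__":
    for finding in audit({"KnownGuestGroup": SHOW_BEFORE}, CHILDREN_BEFORE):
        print(finding)
```

Pass the show output for both GuestGroup and KnownGuestGroup in the dictionary; an empty result corresponds to the secured state described above.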