From: Adam R. <ad...@ex...> - 2010-09-27 11:17:51
At present a lot of the operations around permissions are restricted to users in the DBA group. This is an artificial restriction that we have imposed to try and keep a high level of security. I think that this is a legacy, which in fairness was required, before Dmitriy's excellent work to modernise and massively improve the security architecture in eXist-db.

However, I have two use cases (and there are probably others), whereby I need to decompose the security architecture in eXist-db further to allow us to build good web applications, where security can be managed appropriately by authorised and authenticated users.

Use Case 1
----------------
A user creates a group, and then later wishes to remove the group.

Problem - At present anyone can create a group, BUT only users in the DBA group can delete a group. It is undesirable to make all users DBA as this gives them complete control over the running eXist-db instance.

Use Case 2
----------------
A user creates a group, and then needs to be able to invite other users into his group for the purposes of sharing data.

Problem - At present anyone can create a group, BUT only users in the DBA group can add a user to a group.

Proposed Solution
--------------------------
Introduce the concept of ownership of a group. The user who creates a group is the owner of that group.

e.g. If the user "User A" creates a group "Group 1", he is the owner of the group "Group 1".

1) "User A" can add any other user to "Group 1", because he is the owner of that group.

2) Any user can remove themselves from any group they choose - I cannot think of a case where downgrading a user's rights prevents a security risk. This is the user's right!

3) "User A" can also delete "Group 1" when he chooses because he is the owner of that group. Again this is a case of downgrading users' rights.

Thanks Adam.

--
Adam Retter
eXist Developer
{ United Kingdom }
ad...@ex...
irc://irc.freenode.net/existdb
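
The three ownership rules proposed in the message above, modelled as an added example (not code from the original post and not eXist-db's API). The class, method and group names are hypothetical; that the creator joins their own group, that removing another user needs the owner or a DBA, and that DBAs keep their existing rights are assumptions of this model.

```python
class PermissionDenied(Exception):
    """Caller is not authorised for the requested group operation."""

DBA_GROUP = "dba"  # assumption: name of the administrative group

class GroupManager:  # hypothetical model, not eXist-db's API
    def __init__(self, dbas):
        self.owner = {}                          # group -> owning user
        self.members = {DBA_GROUP: set(dbas)}    # group -> member set

    def _require_owner_or_dba(self, caller, group):
        if group not in self.members:
            raise KeyError(group)
        # The DBA group has no owner entry, so only DBAs can manage it.
        is_owner = group in self.owner and self.owner[group] == caller
        if not is_owner and caller not in self.members[DBA_GROUP]:
            raise PermissionDenied(f"{caller} may not manage {group}")

    def create_group(self, caller, group):
        # Anyone may create a group; the creator becomes its owner.
        if group in self.members:
            raise ValueError(f"group {group} already exists")
        self.owner[group] = caller
        self.members[group] = {caller}  # assumption: creator is a member

    def add_member(self, caller, group, user):
        # Rule 1: the owner may add any other user (DBAs keep this right).
        self._require_owner_or_dba(caller, group)
        self.members[group].add(user)

    def remove_member(self, caller, group, user):
        # Rule 2: any user may leave any group without further checks.
        # Assumption: removing someone else needs the owner or a DBA.
        if caller != user:
            self._require_owner_or_dba(caller, group)
        elif group not in self.members:
            raise KeyError(group)
        self.members[group].discard(user)

    def delete_group(self, caller, group):
        # Rule 3: the owner may delete the group (DBAs keep this right).
        self._require_owner_or_dba(caller, group)
        if group == DBA_GROUP:
            raise PermissionDenied("the DBA group cannot be deleted")
        del self.members[group]
        del self.owner[group]
```

Membership and ownership are stored separately here, so being added to a group never lets a member add others or delete the group.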