From: Peter C. <pet...@me...> - 2010-09-30 13:24:49
Can I point readers towards Microsoft's security model for NTFS and Active Directory (which is in turn based on VAX/VMS)? It's simple in concept and extremely flexible. The extended permissions models in modern UNIXes are similar.

There are:
- Objects that require securing;
- Rights that a principal may have over an object (these may be different for each type of object);
- One access control list (ACL) for each object, containing a list of tuples of <principal, right, allow/deny>.

I think what we're discussing here is what the rights should be, and whether there are any that cannot / should not be taken out of the ACL. From my experience, after writing such a permissions system for a virtual learning system, I'd say that all combinations of things in the ACL should be allowed.

Incidentally, the NTFS version of auditing is also extremely flexible and worth a look. Finally, the designers have gone to considerable lengths to ensure that an administrator cannot completely hide that they've taken some underhand action, although they can hide what that action was.

- Peter

On 28 September 2010 16:04, Dmitriy Shabanov <sha...@gm...> wrote:
>
> On Tue, Sep 28, 2010 at 1:47 PM, Adam Retter <ad...@ex...> wrote:
>
>> On 28 September 2010 09:42, Thomas White <tho...@gm...> wrote:
>> > On 27 September 2010 16:12, Adam Retter <ad...@ex...> wrote:
>> >>
>> >> >>2) Any user can remove themselves from any group they choose - I
>> >> >>cannot think of a case where downgrading a user's rights prevents a
>> >> >>security risk. This is the user's right!
>> >> > I did mail before, we must agree on terms we are going to use. 'owner' is quite
>> >> > good, but limited. My offer: group's 'manager'
>> >>
>> >> Owner or manager really makes no difference to me. In English it would
>> >> seem to me that 'owner' is the more accurate and succinct term.
>> >>
>> >> > (can change members list &
>> >> > permissions for group, it can be 2 different roles ) & 'member' (use group's
>> >> > permissions). It is simple to see that there can be a person that can manage, but
>> >> > have no access for resources.
>> >>
>> >> I am not clear on why a group would have 'permissions'? Surely
>> >> collections and resources have permissions in terms of owner and
>> >> group, but not the group object itself.
>> >
>> > Adam, I think Dmitriy is proposing a model where there is a clear separation
>> > between being a member of a group and managing the group itself. I quite
>> > like the idea and it takes care of a common case from the practice.
>> >
>> > Example: An admin who manages the group of CEO users does not need to have
>> > access to the confidential reports in a collection, available to the members
>> > of this group.
>>
>> Dmitriy is that the case? If so your explanation has made this much
>> more understandable for me, thanks :-)
>>
>
> Explanation is my weakness :-)
>
>> Of course this is what CEO's want, but in my experience the admin can
>> always access absolutely anything if he or she wants to ;-)
>
> I'm admin, but I don't have time to do all staff after all. So, it's more
> of job sharing ...
>
>> > When we discuss eXist security matters I think it is high time to start
>> > looking at it from a slightly bigger perspective. Imagine a company of 1000
>> > employees where to have one admin user that does it all is neither
>> > possible nor practical. There will be teams of admins dealing with variety
>> > of jobs across the teams and departments.
>> >
>> > Thomas
>> >
>> >>
>> >> --
>> >> Adam Retter
>> >>
>> >> eXist Developer
>> >> { United Kingdom }
>> >> ad...@ex...
>> >> irc://irc.freenode.net/existdb
>> >>
>> >> ------------------------------------------------------------------------------
>> >> Start uncovering the many advantages of virtual appliances
>> >> and start using them to simplify application deployment and
>> >> accelerate your shift to cloud computing.
>> >> http://p.sf.net/sfu/novell-sfdev2dev
>> >> _______________________________________________
>> >> Exist-development mailing list
>> >> Exi...@li...
>> >> https://lists.sourceforge.net/lists/listinfo/exist-development
>>
>> --
>> Adam Retter
>>
>> eXist Developer
>> { United Kingdom }
>> ad...@ex...
>> irc://irc.freenode.net/existdb
>
> --
> Dmitriy Shabanov
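
An added sketch of the model discussed in this thread (not code from any of the posters or from eXist): ACLs of <principal, right, allow/deny> tuples, with a group treated as a secured object so that managing it is separate from being a member. The right name `manage-members`, the deny-overrides-allow rule, the audit record layout and all sample names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"

@dataclass
class SecuredObject:
    """Anything with an ACL: a collection, a resource, or a group itself."""
    name: str
    acl: list = field(default_factory=list)  # (principal, right, ALLOW | DENY)

class Directory:
    def __init__(self):
        self.members = {}  # group name -> set of user names
        self.audit = []    # append-only: (actor, right, object, granted)

    def principals(self, user):
        """A user acts as themselves plus every group they belong to."""
        return {user} | {g for g, m in self.members.items() if user in m}

    def check(self, user, right, obj):
        who = self.principals(user)
        effects = {e for p, r, e in obj.acl if p in who and r == right}
        # Assumption: an explicit deny beats any allow; no entry means no access.
        granted = ALLOW in effects and DENY not in effects
        self.audit.append((user, right, obj.name, granted))
        return granted

    def add_member(self, actor, group, user):
        """Changing membership needs 'manage-members' on the group object."""
        if not self.check(actor, "manage-members", group):
            raise PermissionError(f"{actor} may not manage {group.name}")
        self.members.setdefault(group.name, set()).add(user)
        self.audit.append((actor, f"add-member:{user}", group.name, True))

def demo():
    # Constructed sample data: one group, one collection, three users.
    d = Directory()
    ceo = SecuredObject("ceo", [("admin1", "manage-members", ALLOW)])
    reports = SecuredObject("confidential-reports",
                            [("ceo", "read", ALLOW), ("contractor1", "read", DENY)])
    d.add_member("admin1", ceo, "alice")
    d.add_member("admin1", ceo, "contractor1")
    results = {
        "alice": d.check("alice", "read", reports),              # member
        "admin1": d.check("admin1", "read", reports),            # manager only
        "contractor1": d.check("contractor1", "read", reports),  # member, denied
    }
    d.add_member("admin1", ceo, "admin1")  # the manager joins the group
    results["admin1_after_join"] = d.check("admin1", "read", reports)
    return results, d.audit

if __name__ == "__main__":
    print(demo())
```

The last case shows why the audit trail matters in this design: the manager can still reach the reports, but only by way of a recorded membership change.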