[Tsheetx-developers] security model

[Scott M. <sco...@gm...>]

I'm preparing to work on translating the existing config database table into
our new configuration table, and when I went to start, I realized I'd worked
on creating a new security model and thus new security tables.

So, currently our security model consists of each login being give one of 3
access levels: user, manager, administrator.  Also, each page is given one
of 4 access levels: user, manager, administrator, none.  To successfully get
access to a page, your access level must be greater than or equal to the
level the page has been given.

Within the database, those accesses are defined via an ENUM mechanism, and
believe it was a mistake to use enums, because if you want to add a new
level, you have to modify the database schema.  I propose to eliminate the
enums, and just use raw integer values for the page and user access levels.

2ndly I propose to take the page security definitions out of the
configuration table completely, and create a new page security table.  The
security table would have the page name and the default access, and I was
intending to add a field to determine whether the page name was allowed on
the menu bar at all.

I had also thought that it would be nice, particularly for some reports, to
allow a security exception.  I envisioned this to be per user, and another
new table would be needed.  username, pagename, and an access override
code.  The override code was to be 0 - no access, 1- read access, 3 - read
and save access (it's a binary bit map (save, read) - 2 would be save only,
but without read that would be rather useless).  I envisioned a check in the
code for each page would query if there was an exception entry for the
username/page, and if not, normal access would be granted; if so, the
override access would be used.

What do you all think about these proposals?

-Scott