From: Mark W. <ma...@rw...> - 2011-02-17 09:33:03
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
Hi Peter,<br>
<br>
The privilege levels, i.e. user, reporter, manager, administrator, would be created as different user groups. A user can be a member of several groups.<br>
<br>
So:<br>
<br>
user table:<br>
1. admin<br>
2. joe bloggs<br>
3. test user<br>
<br>
user group table:<br>
guest<br>
user<br>
reporter<br>
manager<br>
admin<br>
<br>
user group assignment:<br>
admin -> administrator<br>
admin -> manager<br>
joe bloggs -> user<br>
joe bloggs -> report<br>
test user -> user<br>
test user -> report<br>
<br>
privilege table:<br>
1. monthly, view<br>
2. stopwatch, view<br>
3. clockings, edit<br>
4. reports, view<br>
<br>
privilege assignment:<br>
reporter -> 4 (reports, view) granted<br>
user -> 1 (...) granted<br>
user -> 2 granted<br>
manager -> 3 granted<br>
test user -> 4 denied<br>
<br>
If a request is made to access an area that hasn't been defined in a user's access control list then it is denied.<br>
If a user is denied access at any point, that is it: denied. I.e. test user above is granted access to reports through the reports group but<br>
is denied access on a specific user basis. Therefore he is denied access. A deny should always overrule an allow in my opinion.<br>
<br>
The (monthly, view) bit is just a way of allowing pseudo-groups of privileges to exist so that they can be searched more easily. The fact that<br>
it is two fields, 'monthly' and 'view', has no real effect.<br>
<br>
In terms of default user groups, this would be configured. A user who is not logged in is part of the group guest. A new signup is part of the group user.<br>
Therefore I would add an extra group above 'tsx_users' so that a new signup has to request access to be able to start using the timesheet functions.
Alternatively an admin could register a new user and give them access straight away.<br>
<br>
Please could I have some feedback on my proposed update?<br>
<br>
Regards<br>
Mark Wrightson<br>
<pre class="moz-signature" cols="72">_____________________________________________
Mob: 07725 695178
Email: <a class="moz-txt-link-abbreviated" href="mailto:ma...@rw...">ma...@rw...</a></pre>
<br>
On 17/02/2011 07:32, Peter Lazarus wrote:
<blockquote cite="mid:4D5...@gm..." type="cite">
Mark,<br>
I have some questions about how privileges are defined, mostly to try and understand how this design hangs together.<br>
<br>
In the privileges table example below you show 'monthly', which relates to the PHP script or form to be used, and 'view', being the privilege level etc. So if these are just text type fields, then different privilege levels can be easily added later as required. And the privileges table defines all allowed combinations of privilege level and form name and whether they are granted or not.<br>
<br>
Now a user can be linked to a usergroup, or not, or is there a default usergroup? Then privileges are linked by the privilege assignments table. So an individual user could have his privileges defined either by the group he belongs to, by individual privileges, or by an individual privilege over-riding the group privilege?<br>
<br>
Another question I have on this design is how will a hierarchy of user types and privileges be defined?<br>
<br>
Now you may well have solved all these issues. It's just that I'm trying to understand how it hangs together.<br>
<br>
Peter<br>
<br>
<br>
On 17/02/11 05:40, Mark Wrightson wrote:
<blockquote cite="mid:4D5...@rw..." type="cite">
Hi Scott,<br>
<br>
Agreed that the authentication model needs an update.
I have already done half the work required to do exactly this.<br>
In the code you will see an include/auth/auth.class.php which is currently a stub class waiting to have some more code added in.<br>
(The code is already written; I didn't want to change it until there was a robust way of sending database updates to developers.)<br>
<br>
The way it works is:<br>
<br>
a table of users<br>
a table of user groups<br>
a table assigning users to usergroups<br>
a table of privileges (i.e. monthly, viewpage, granted), more specifically in the db ('monthly', 'view', '1')<br>
a table of privilege assignments that maps a privilege to individual users or a user group.<br>
<br>
The structure is such that it is 100% expandable. The inspiration for the structure was Active Directory.<br>
<br>
The only thing I haven't got as far as writing is a GUI to control the privileges. (If someone could help here, maybe?)<br>
<br>
Along with the auth update is a menu system update to improve how the menu is built: drop-down menus etc. (database driven).<br>
The GUI is complete for that bit.<br>
<br>
Finally I have an update for the login / logout scripts / account management / registration / forgot password scripts. More information to follow on that.<br>
<br>
Regards<br>
Mark<br>
<br>
<br>
<pre class="moz-signature" cols="72">_____________________________________________
Mob: 07725 695178
Email: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:ma...@rw...">ma...@rw...</a></pre>
<br>
On 16/02/2011 16:58, Scott Miller wrote:
<blockquote cite="mid:AANLkTikVQiZwMT85hL4hB1aV370QGXrjV2kF=B7...@ma..." type="cite">I'm preparing to work on translating the existing config database table into our new configuration table, and when I went to start, I realized I'd worked on creating a new security model and thus new security tables.<br>
<br>
So, currently our security model consists of each login being given one of 3 access levels: user, manager, administrator.
Also, each page is given one of 4 access levels: user, manager, administrator, none. To successfully get access to a page, your access level must be greater than or equal to the level the page has been given.<br>
<br>
Within the database, those accesses are defined via an ENUM mechanism, and I believe it was a mistake to use enums, because if you want to add a new level, you have to modify the database schema. I propose to eliminate the enums, and just use raw integer values for the page and user access levels.<br>
<br>
Secondly, I propose to take the page security definitions out of the configuration table completely, and create a new page security table. The security table would have the page name and the default access, and I was intending to add a field to determine whether the page name was allowed on the menu bar at all.<br>
<br>
I had also thought that it would be nice, particularly for some reports, to allow a security exception. I envisioned this to be per user, and another new table would be needed: username, pagename, and an access override code. The override code was to be 0 - no access, 1 - read access, 3 - read and save access (it's a binary bit map (save, read); 2 would be save only, but without read that would be rather useless). I envisioned a check in the code for each page would query if there was an exception entry for the username/page, and if not, normal access would be granted; if so, the override access would be used.<br>
<br>
What do you all think about these proposals?<br>
<br>
-Scott<br>
<pre wrap="">------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://p.sf.net/sfu/intel-dev2devfeb">http://p.sf.net/sfu/intel-dev2devfeb</a></pre>
<pre wrap="">_______________________________________________
Tsheetx-developers mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Tsh...@li...">Tsh...@li...</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/tsheetx-developers">https://lists.sourceforge.net/lists/listinfo/tsheetx-developers</a>
</pre>
</blockquote>
</blockquote>
</blockquote>
</body>
</html>
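The evaluation rules Mark sets out in his reply (default deny for anything not in a user's access control list, a deny overruling any allow, privileges assigned to either individual users or groups, and anonymous visitors treated as the guest group), written out as an added Python example. This is not part of the thread and not the TSheetX project's code; the table layout, field names, the group memberships of the admin user and the `reporter` group name used for Joe and the test user are assumptions, and the sample rows are constructed from the examples in the thread.

```python
# Added example (not the TSheetX project's code): evaluating the ACL model
# discussed in the thread. Rules implemented:
#   * a privilege with no assignment for the user or any of their groups is
#     denied (default deny, including unknown area/action pairs)
#   * any "denied" assignment overrules every "granted" one
#   * a request with no logged-in user (None) is evaluated as group "guest"
# Table and column names are assumptions; sample rows are constructed from
# the thread's examples.

from collections import namedtuple

Privilege = namedtuple("Privilege", "id area action")
# kind is "user" or "group"; granted False is an explicit deny
Assignment = namedtuple("Assignment", "principal kind privilege_id granted")

# user table
USERS = {1: "admin", 2: "joe bloggs", 3: "test user"}

# user group assignment table (constructed: the thread lists 'administrator'
# and 'manager' for admin; 'admin' is used as the administrator group here)
USER_GROUPS = {
    "admin": {"admin", "manager"},
    "joe bloggs": {"user", "reporter"},
    "test user": {"user", "reporter"},
}

# privilege table: (area, action) pairs with the thread's numbering
PRIVILEGES = [
    Privilege(1, "monthly", "view"),
    Privilege(2, "stopwatch", "view"),
    Privilege(3, "clockings", "edit"),
    Privilege(4, "reports", "view"),
]

# privilege assignment table
ASSIGNMENTS = [
    Assignment("reporter", "group", 4, True),
    Assignment("user", "group", 1, True),
    Assignment("user", "group", 2, True),
    Assignment("manager", "group", 3, True),
    Assignment("test user", "user", 4, False),  # per-user deny on reports
]


def effective_groups(username):
    """Groups a request is evaluated against; anonymous requests map to guest."""
    if username is None:
        return {"guest"}
    return set(USER_GROUPS.get(username, set()))


def find_privilege(area, action):
    """Look up the (area, action) pair in the privilege table, or None."""
    for p in PRIVILEGES:
        if p.area == area and p.action == action:
            return p
    return None


def check_access(username, area, action):
    """True only if an explicit grant applies to the user or one of their
    groups and no deny applies; everything else is denied."""
    priv = find_privilege(area, action)
    if priv is None:
        return False  # area/action not defined at all: default deny
    groups = effective_groups(username)
    relevant = [
        a for a in ASSIGNMENTS
        if a.privilege_id == priv.id and (
            (a.kind == "user" and a.principal == username)
            or (a.kind == "group" and a.principal in groups)
        )
    ]
    if any(not a.granted for a in relevant):
        return False  # a deny always overrules an allow
    return any(a.granted for a in relevant)  # nothing granted: default deny


def access_matrix():
    """Every user (plus anonymous) mapped to the privileges they end up with.
    Useful for reviewing what an ACL change actually grants before deploying it."""
    matrix = {}
    for name in list(USERS.values()) + [None]:
        matrix[name] = sorted(
            f"{p.area}:{p.action}" for p in PRIVILEGES
            if check_access(name, p.area, p.action)
        )
    return matrix


if __name__ == "__main__":
    for who, privs in access_matrix().items():
        print(f"{(who or '<anonymous>'):>12}: {privs}")
```

Running the script prints the effective privileges per user: the test user keeps `monthly:view` and `stopwatch:view` from the user group but loses `reports:view` to the per-user deny, and the admin user gets only `clockings:edit`, because membership of the administrator group grants nothing unless an assignment says so. The matrix view is the check worth keeping around when adding a group or a deny row, since a deny on a shared group silently removes access for everyone in it.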