On Sun, 2006-01-29 at 07:36, Christian Boos wrote:
> It's not exactly clear to me how RBAC and LBAC would interact:
> Let's take a practical use case: 'Security' related tickets.
> They should not be world-viewable, only the developers should have
> r/w access on them.
> 
> IIUC, access to tickets labeled with 'Security' could be restricted to
> users having a 'Developer' role?

Yes.

> It should then be possible for a non-developer user to report security
> issues, and therefore he should be able to create a new ticket and label
> it with 'Security'. He should also be able to view the ticket. That
> implies the possibility to have a rule stating that a 'Security' labeled
> ticket should be viewable by its ''reporter''.
<...snip...>

That's what the admin-defined security policy is for. And yes, it will
be possible.

<...snip...>
> Not sure it's worth it (see Noah's mail): protecting against 'clueless'
> plugins should be enough.

I don't like it, but I'm beginning to agree.

<...snip...>

> Do you want to ''transform(sqlstatement)'' this into a query which
> checks if the needed resource is readable?
> This would first require to _infer_ the resource we're about to read
> from the SQL query itself...
> Eventually possible on the "SELECT summary..." query above,
> but what about more complex ones?
> 
> I think a programmatic access to the data layer would be
> a prerequisite to make this practical.

Quite possibly. Which is why I'm reluctant to say how I'm going to do
this, because I'm not yet sure. The only way to really be sure is to
write the code and see if I can create something sane.


Cheers,
-Jesse Kempf

_______________________________________________
Trac-dev mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-dev
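
The use case from this thread, as an added sketch that is not Trac code and not either poster's design: 'Security'-labeled tickets are readable and writable by the 'Developer' role and viewable by their reporter, and the check runs on ticket objects at the data layer instead of rewriting SQL. All names (`User`, `Ticket`, `POLICY`, `allowed`, `visible`) and the sample tickets are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = frozenset()

@dataclass
class Ticket:
    id: int
    reporter: str
    summary: str
    labels: set = field(default_factory=set)

# Hypothetical admin-defined policy: per label, the actions each role gets
# and the actions granted to the ticket's own reporter.
POLICY = {
    "Security": {
        "roles": {"Developer": {"view", "modify"}},
        "reporter": {"view"},
    },
}

def allowed(user, action, ticket, policy=POLICY):
    """Label check only; ordinary role permissions are assumed to be
    checked separately. Every restricted label must grant the action."""
    for label in ticket.labels:
        rule = policy.get(label)
        if rule is None:
            continue  # this label carries no restriction
        granted = set()
        for role in user.roles:
            granted |= rule["roles"].get(role, set())
        if user.name == ticket.reporter:
            granted |= rule["reporter"]
        if action not in granted:
            return False  # one denying label is enough
    return True

def visible(user, tickets, policy=POLICY):
    """Filter rows after loading them, so no SQL has to be parsed."""
    return [t for t in tickets if allowed(user, "view", t, policy)]

# Constructed sample data.
TICKETS = [
    Ticket(1, "alice", "Typo in wiki help"),
    Ticket(2, "alice", "XSS in ticket preview", {"Security"}),
    Ticket(3, "mallory", "Session fixation", {"Security"}),
]
```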
