RE: SecurityService

Fedor Karpelevitch Fri, 15 Sep 2000 10:38:07 -0700
>  > >  * USER is associated with a person actually hitting pages.
>  > >  * APP or SYSTEM is a group of related pages.
>  > >  * ROLE or PERMISSION is the ability to perform an atomic activity.
>  > >  * PROFILE is a set of ROLEs with a name.
>  > >  * A tuple <user,app,profile> means that user has all the
>  > >    roles in that profile when hitting pages in that app.
>  > 
>  > Since ROLE is a group of PERMISSIONs, why introduce PROFILE 
>  > which is a group of roles? Roles should be enough...
>  
>  No, in my view, ROLE and PERMISSION are the same (as it
>  says above): the ability to perform an atomic activity.
>  Therefore, a PROFILE is a grouping of ROLEs (or PERMISSIONs).
>  
>  If you want, we can define a PERMISSION as the atomic entity, and
>  a ROLE as the grouping of PERMISSIONs, and do away with PROFILEs;
>  it is the same thing.

I think this is the current way of doing things and there is no need to
change it...

>  > >  
>  > >  Maybe this should be extended to allow for one page to belong
>  > >  to more than one app?
>  > 
>  > Could you explain? I am not sure I understand what you mean...
>  
>  I mean, say you have two apps, APP1 and APP2. Maybe you will
>  have under APP1 user gonzo has read access to page1.wm, and
>  under APP2 user gonzo has read/write access to page1.wm.
>  If this is a possibility (sharing pages between apps),
>  the mapping should support the idea that a given page
>  is associated to more than one app. Now, if the ROLEs are
>  specified by page, and not by app, this will be supported,
>  but if a user's ROLEs are associated to an app, it may
>  be trickier...

I think there is no problem here. A user has certain permissions in an
application and a page requires a permission for an action. So if page A
requires permission B to  view and permission C to change info, and user D
has permission B in project E and permission C in project F. he will only be
able to  view the page A in project E , but will be able to change info on
that page in project F. Works just fine.


fedor.





_______________________________________________________
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html



------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?:           [EMAIL PROTECTED]
RE: SecurityService

Reply via email to
