| Subject | Re: [Firebird-Architect] FB security - Roles vs Groups |
|---|---|
| Author | Christian Danner |
| Post date | 2005-08-15T18:12:41Z |
Only a short annotation (without considering the technical aspects of
realisation):
As a chosen combination of already granted roles isn't of relevance
regarding security, why not allow the user to define the needed
selection her-/himself, e.g. by transferring a comma-separated list of
roles, or - for convenience - alternatively an asterisk, if an
inclusion of them all for the least restricted db access is desired.
This could protect admins from the necessity of predefining myriads of
role supersets. BTW, an unset role would still mean a fallback to the
privileges directly granted to the user.
Regards
Christian
realisation):
As a chosen combination of already granted roles isn't of relevance
regarding security, why not allow the user to define the needed
selection her-/himself, e.g. by transferring a comma-separated list of
roles, or - for convenience - alternatively an asterisk, if an
inclusion of them all for the least restricted db access is desired.
This could protect admins from the necessity of predefining myriads of
role supersets. BTW, an unset role would still mean a fallback to the
privileges directly granted to the user.
Regards
Christian