| Subject | User Manager |
|---|---|
| Author | georgethenorge |
| Post date | 2001-12-19T16:38:02Z |
I am working on a simple user manager for IBO-Ibase/Firebird. I am
looking for comments/suggestions.
Here are excerpts from some email back and forth between myself and
JW to get you up to speed:
I. A user manager. It does all of the new user registration, grants,
etc. from within the app. I haven't perfected it, but I will to get
my app done. I can see two possibilities - either as an example app,
or as a little component people can throw into their apps.
II. Here is a fundamental design concept that I want to share with
you early on in this, so neither of us are too surprised at the
finished product and your reaction to it:
I like to put a lot of effort into the exact permissions of 5
different roles. Then, when you add a user, you pick one of those
five roles for that user. It is clean, and works most all of the
time.
Now, what about the cases where Mary W. needs to be able to have a
little bit more access that her co-workers using the same role? Here
are the possibilites:
1. Add extra permissions to her user name.
2. Create a special role for her, based on her previous role.
3. Bluntly upgrade her to a higher level and stick strictly to 5
roles.
I like 2 the best, because sooner or later somebody else is going to
end up with Mary W.'s job.
III. The question is - Where to put the user admin tables and other
info?
1. Each and every .gdb is its own little feifdom. This is obviously
best in cases where there is just one .gdb at a company.
2. We have a user.gdb (analogous to the workgroup.mda in Access)
that keeps track of users. Any other .gdb can join this little world
and thus be subject to its command. This is best in cases where
there might be many .gdb's, like my crazy company ;)
I want to make sure that we don't open any stupid security holes.
Thanks much,
George Helmke
looking for comments/suggestions.
Here are excerpts from some email back and forth between myself and
JW to get you up to speed:
I. A user manager. It does all of the new user registration, grants,
etc. from within the app. I haven't perfected it, but I will to get
my app done. I can see two possibilities - either as an example app,
or as a little component people can throw into their apps.
II. Here is a fundamental design concept that I want to share with
you early on in this, so neither of us are too surprised at the
finished product and your reaction to it:
I like to put a lot of effort into the exact permissions of 5
different roles. Then, when you add a user, you pick one of those
five roles for that user. It is clean, and works most all of the
time.
Now, what about the cases where Mary W. needs to be able to have a
little bit more access that her co-workers using the same role? Here
are the possibilites:
1. Add extra permissions to her user name.
2. Create a special role for her, based on her previous role.
3. Bluntly upgrade her to a higher level and stick strictly to 5
roles.
I like 2 the best, because sooner or later somebody else is going to
end up with Mary W.'s job.
III. The question is - Where to put the user admin tables and other
info?
1. Each and every .gdb is its own little feifdom. This is obviously
best in cases where there is just one .gdb at a company.
2. We have a user.gdb (analogous to the workgroup.mda in Access)
that keeps track of users. Any other .gdb can join this little world
and thus be subject to its command. This is best in cases where
there might be many .gdb's, like my crazy company ;)
I want to make sure that we don't open any stupid security holes.
Thanks much,
George Helmke