user roles

David Merrill dmerrill@lupercalia.net
Tue, 2 Jan 2001 22:00:14 -0500


On Tue, Jan 02, 2001 at 06:09:25PM -0500, Derek Atkins wrote:
> David Merrill <dmerrill@lupercalia.net> writes:
> 
> > I'm planning to define permissions within the database itself. I want
> > the database to be aware of these permissions so they can be enforced
> > at that level. They could be exported to the server in any format you
> > want, including the <name> <list of perms> you suggest.
> 
> I guess this implies that each user must have a login to the
> database?

Correct. This is a requirement anyway to have complete, end-to-end
audit trails, and that's important.
 
> > I am allowing for an arbitrary number of "role" records to be
> > defined, each of which can be assigned any set of permissions. Each
> > user is then assigned one or more of these roles, and inherits all the
> > permissions provided by any of them.
> 
> That sounds eminently reasonable to me.  Indeed, I think there might
> be two sets of "roles" (mind if I call them groupings?).  First, you
> can have a set of groupings that bunch together a set of permissions,
> e.g.  read, write (which implies read), all (which implies read,
> write, admin, etc.).  Second, you can have a set of groupings which
> define roles, e.g. sysadmin, financial-manager, entry-twit, etc.  The
> former list is most likely pre-defined by the system.  The latter set
> of groups is user-defined and allows users to build groups of
> users. :)

That's exactly it. I chose the term "role" because it implies with it
a business role, e.g., administrator, manager or data entry clerk. Now
who would like to take a stab at determining the default roles and
their default permissions? That would be a good exercise to fine-tune
the set of permissions we configure.

I wonder how deeply these messages can nest before mutt throws up.
Hmmmm, we may find out soon. ;-p


-- 
Dr. David C. Merrill                     http://www.lupercalia.net
Linux Documentation Project                dmerrill@lupercalia.net
Collection Editor & Coordinator            http://www.linuxdoc.org
                                       Finger me for my public key

The great sea has set me in motion.
Set me adrift,
And I move as a weed in the river.
The arch of sky
And mightiness of storms
Encompasses me,
And I am left
Trembling with joy.
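
The role model discussed in the message above, as an added example that is not part of the original thread or the project's code: roles bundle permissions, a user inherits the union across all assigned roles, implied permissions (write implies read, all implies read, write and admin) are expanded, and the result is exported as "<name> <list of perms>" lines. The table names, user names, the "user-admin" role and every role-to-permission assignment are constructed assumptions; SQLite has no per-user logins, so this shows permission resolution only, not enforcement at the database level.

```python
import sqlite3

SCHEMA = """
CREATE TABLE permission (name TEXT PRIMARY KEY);
CREATE TABLE implies   (perm TEXT REFERENCES permission, implied TEXT REFERENCES permission);
CREATE TABLE role      (name TEXT PRIMARY KEY);
CREATE TABLE role_perm (role TEXT REFERENCES role, perm TEXT REFERENCES permission);
CREATE TABLE user_role (usr TEXT, role TEXT REFERENCES role);
"""

# Start from permissions granted by any of the user's roles, then follow
# "implies" edges until no new permission appears (UNION removes duplicates).
EFFECTIVE = """
WITH RECURSIVE eff(usr, perm) AS (
    SELECT ur.usr, rp.perm FROM user_role ur JOIN role_perm rp ON rp.role = ur.role
    UNION
    SELECT eff.usr, i.implied FROM eff JOIN implies i ON i.perm = eff.perm
)
SELECT usr, perm FROM eff ORDER BY usr, perm
"""

def build_db():
    """In-memory database with constructed sample data (assumed, not from the thread)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # reject grants naming unknown roles/permissions
    db.executescript(SCHEMA)
    many = db.executemany
    many("INSERT INTO permission VALUES (?)", [("read",), ("write",), ("admin",), ("all",)])
    many("INSERT INTO implies VALUES (?, ?)",
         [("write", "read"), ("all", "write"), ("all", "admin")])
    many("INSERT INTO role VALUES (?)",
         [("sysadmin",), ("financial-manager",), ("data-entry-clerk",), ("user-admin",)])
    many("INSERT INTO role_perm VALUES (?, ?)",
         [("sysadmin", "all"), ("financial-manager", "write"),
          ("data-entry-clerk", "read"), ("user-admin", "admin")])
    many("INSERT INTO user_role VALUES (?, ?)",
         [("alice", "sysadmin"), ("bob", "financial-manager"),
          ("bob", "user-admin"), ("carol", "data-entry-clerk")])
    return db

def export_permissions(db):
    """Return one '<name> <list of perms>' line per user with at least one role."""
    perms = {}
    for usr, perm in db.execute(EFFECTIVE):
        perms.setdefault(usr, []).append(perm)
    return [f"{usr} {' '.join(plist)}" for usr, plist in perms.items()]

if __name__ == "__main__":
    print("\n".join(export_permissions(build_db())))
```

Users with no role get no line at all, so a consumer of the export should treat a missing name as "no permissions" rather than as an error.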