user roles

David Merrill dmerrill@lupercalia.net
Wed, 3 Jan 2001 09:39:23 -0500 

On Wed, Jan 03, 2001 at 08:58:59AM -0500, Derek Atkins wrote:
> David Merrill <dmerrill@lupercalia.net> writes:
> 
> > > I guess this implies that the each user must have a login to the
> > > database?
> > 
> > Correct. This is a requirement anyway to have complete, end-to-end
> > audit trails, and that's important.
> 
> There are other ways of doing this...  If we have a "trusted security
> server" tied to the database, then the security server would login
> itself and then supply the audit trail information from its own user
> authentication.  For example, I don't think any SQL server accepts
> Kerberos Authentication, but I'd like to support that.

I was speaking only about the audit trail within the db itself. I
haven't given any thought to other auditing requirements.

BTW, I think postgres supports Kerberos.
 
> > That's exactly it. I chose the term "role" because it implies with it
> > a business role, e.g., administrator, manager or data entry clerk. Now
> > who would like to take a stab at determining the default roles and
> > their default permissions? That would be a good exercise to fine tune
> > the set of permissions we configure.
> 
> I'm not convinced that we really do need to define (many) default
> roles.  I do believe we need to allow users to define new roles, and
> we need to allow users to edit the membership of existing roles.
> (Does this imply that roles need ACLs too?)

I want the final shipping package to be preconfigured with working,
configured roles. The admin will be able to change them, or completely
replace them if s/he wants to, of course. And, as I said, it is a good
exercise to make sure we provide the right level of granularity wrt
permissions. The more potential roles we define, the better exercise
this is, although the shipping version shouldn't try to be that
comprehensive.

"Does this imply that roles need ACLs too" short answer, yes. Long
answer, all ACLs are assigned via a role, never directly to an
individual. All rights are obtained via a role. This complexity can be
hidden from the user in a single-user system, by the client, if it
wants to do that, but ultimately it is a role that has rights, not a
user.

-- 
Dr. David C. Merrill                     http://www.lupercalia.net
Linux Documentation Project                dmerrill@lupercalia.net
Collection Editor & Coordinator            http://www.linuxdoc.org
                                       Finger me for my public key

Mine is the ecstasy of the spirit
And Mine also is joy on earth.
For My law is love unto all beings.
		-- from The Charge of the Goddess, Doreen Valiente