Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: Application Access Control

by ducky (Scribe)
on Sep 24, 2001 at 04:53 UTC ( #114227=note: print w/replies, xml ) Need Help??


in reply to Application Access Control

I've had to come up with access control mechanisms before and the only one I've been happy with makes extensive use of a database. Unfortunately, I haven't gotten around to making a decent module out of it, though it's been on my to-do list for quite a while, because the methods were written as HTML::Mason components and I just re-use the component rather than do the Right thing.

Essentially, it's a system of users, groups and access entities. Everything's assigned an entity. According to memberships between the users<->groups<->entities or users<->entities access is decided. Users explicitly granted or denied to the entity takes priority over users assigned to a group which then have permission granted or denied and the default permission takes effect if the other two come up emtpy.

It's a bit of a grand system, quite overkill for almost everything I've used it for, but I like it. =) If you'd like table definitions and SQL queries that drive it, I'd be happy to cough those up, just me know.

-Ducky

Update:Check this for a mess of SQL statements to create and query what I talked about above. So I coughed. There. =)

Update II: Since I've gotten some interest in these, here's a quick overview of the tables:

users ---------- user_id auto-incrementing, primary key name text, for human consumtion entities ---------- entity_id auto-incrementing, primary key name text, for human consumtion permission boolean, default permission groups ---------- group_id auto-incrementing, primary key name text, for human consumtion priority int, optional. to give one group priority over another group/entity membership ---------- group_id int, references groups table entity_id int, references entities table permission boolean, this group's permission on the entity user/entity membership ---------- user_id int, references users table entity_id int, references entities table permission boolean, this user's permission on the entity user/group membership ---------- user_id int, references users table entity_id int, references entities table
The ugly SQL to pull all these memberships together and determine a user's permission to a given entity based on what groups they're in and what permission has been assigned to them is available here (same link as above)

Update III: yeesh. Updated the link to my site.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://114227]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (6)
As of 2019-12-12 16:58 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?