|
||||||
 |
|
|
LinkBack (50) | Thread Tools | Search this Thread |
Rating: 
|
| Database Design Find articles on variouse database design topics |
|
||||||
|
|
|
LinkBack (50) | Thread Tools | Search this Thread |
Rating:
|
08-03-2007, 07:48 AM
|
|||
|
|||
Re: Can this system perform the following?
Quote:
What you would do is create a domain for each category you want and then when new editions of a newspaper come out you simply insert them into one (or many) categories. The administrator and moderator would then have different privileges assigned to them. You could create a role for each category if you wanted to. Each role then has actions (or privileges) associated with it. You may want to define a simple role that allows a user to 'read' each category. In other words you may have a subscription website in which you only want users to read categories they are subscribed to. A user can be subscribed to multiple categories, in which case the user will have multiple roles. Hope this helps.     
|
|
09-21-2007, 04:25 PM
|
|||
|
|||
|
Re: Fine Grained Role Based Access Control (RBAC) system
Hi Ben,
Really enjoyed reading your RBAC system, but I was taking a look and trying to apply it to a system I am designing. If I say have a field let's say "rating" on a certain forum page that I would like to control access to, would the field be considered an "object" in your model? I'm assuming the "forum page" would be created into the domains table. The "rating" would be created in "objects". How would I control access to that specific object? Or would it be that the "rating" field would be created as a "singular domain" in which case I would use that "singular domains" access priveleges?
|
|
09-21-2007, 10:34 PM
|
||||
|
||||
|
Re: Fine Grained Role Based Access Control (RBAC) system
Quote:
Quote:
Quote:
1) find out if a user is allowed to perform a certain action on the domain. (in this case it will be 'forum page') 2) or you could find out if a user is allowed to perform a certain action on the object itself (in this case rating.) It really comes back to how you define your roles. The system is very flexible so it is up to you to think things through and build your roles accordingly. Quote:
Having said this it really is up to you to define your roles appropriately. Give me more info on what you want to achieve and I can help you out more.
|
|
10-02-2007, 12:17 PM
|
|||
|
|||
|
Re: Fine Grained Role Based Access Control (RBAC) system
Hi Ben,
I found your website with this excelent RBAC system. I'd like to implement it, but asking you if you could give a little help with the implamentation. I'd like to have groups instead of users. This is not quite hard, but I'd also like to have a group parent-child relation. E.g. you have a company, and a group "workers". Then a group "section-a" is a child of "workers", and a group "room 1234" is a child of "section-a". A more specialized group has always priority for global group. If "workers" may view a single object in a domain, and only room 1234 may edit that object, this room group has a higher priority. I thought about this database design: rbac_group_has_roles (like your rbac_user_has_roles) group id (integer) name (string) parent_id (integer, pointing at another group id) user_in_group user_id (integer, pointing at a user id) group_id (integer, pointing at a group_id) But how can I check the influence of "higher" groups? I know something about database design and normalisation, but i'm absolutely bad in mentioning queries to fetch the right information out of the database. Is this possible with (my)SQL, or should I sending queries with php. E.g. you know a user is a member of a subgroup, do I need to send seperate queries for both groups and filter it with php? Thanks for your help!!! PS. I'll implement this (if the group-thing works) into my own content managment system: Damnsmall cms (currently only available in Dutch). Last edited by mithras : 10-02-2007 at 12:23 PM. Reason: Email notification added
|
|
10-02-2007, 01:50 PM
|
|||
|
|||
|
Re: Fine Grained Role Based Access Control (RBAC) system
Hi Mithras,
Give me a day or two to think about this, and I will get back to you. (It is easy to create a group of users but it looks like you want to have multiple nestings, which may complicate things.) Cheers, Ben
|
|
10-02-2007, 03:42 PM
|
|||
|
|||
|
Re: Fine Grained Role Based Access Control (RBAC) system
Quote:
I'm a member of the board of a student music corporation from the Technical University Delft (from The Netherlands). We have members (a group ;-) ), an orchestra (subgroup of members), a choir (subgroup of members), wings (subgroup of orchestra), strings (subgroup of orchestra), wood wings (subgroup of wings). And so on... So I would be very happy if you know a solution for my problem. Thanks in advance, I'll wait patiencely :-)
|
|
10-04-2007, 11:50 AM
|
|||
|
|||
|
Re: Fine Grained Role Based Access Control (RBAC) system
Quote:
A few days later.... I think we have to look at the problem a little differently. Rather than trying to nest groups of people I would create relevant roles. A user can have multiple roles. And a role can have multiple privileges. So create as many roles as you like and assign users to those roles. I know this is not 'ideal' but it would be simple and fast, even though some data would be repeated several time. MySQL can deal with millions of records effortlessly this would not be a problem. So I would create the following roles: 'General member' 'Orchestra member' 'Choir member' etc... So when a user signs up to your account you can assign them all three roles if you like. Aleternatively you could create a table called group_roles which would have a one to many relationship with the roles table, so that you could define 'mega' roles and assign users to these 'mega' roles. This I believe would solve all your problems, but may not be worth the extra work... I hope this helps. Ben
|
|
| Thread Tools | Search this Thread |
| Rate This Thread | |
|
|
