
Fine Grained Role Based Access Control (RBAC) system

Discussion in 'Database Design' started by ben, May 29, 2006.

  1. Daniel Guest

    Just wondering, is there anyone who has ported this from MySQL to PostgreSQL?
    I also noticed that there is no ON DELETE CASCADE on the FKs, for instance; any reason for this specific choice (possible corrupt data can result)?

    @boatingcow
    Seems you want to have restraints on the possible insertion values rather than on the actual action placed upon the object. I don't think that that has much to do with the RBAC; the RBAC decides who can do what, the how is up to other constraints within the application.

    In your example:
    Who can do what [RBAC ends here] how?
    HR-manager can update registration date [End RBAC] within constraints

    Apart from that, why would you want to have different constraints on input after the RBAC? What is the use of limiting people who can edit a post on a forum (e.g.) to only editing the first half? Then you should reconsider giving them access to the edit option in the first place?

    At least, in my opinion of course :)

    Cheers!

    Dan
  2. boatingcow New Member

    @Daniel - A forum application as you suggest might not warrant this, but as in my example above, administrating HR within a company's ERP application might! The example I gave above is a situation where the constraints depend entirely on the role and should be handled alongside the roles themselves rather than elsewhere in the application. The constraints not only apply to sanitizing input on form submission, but also help the application create the correct help texts, error messages and JavaScripts...

    I don't want to steal Ben's excellent post, so if need be, I'll start a separate thread!

    Thanks
  3. jsherk Guest

    codeigniter

    Anybody got this working with CodeIgniter?
  4. baranka Guest

    hi.

    Looking at the code and wondering what's the point of variable $weight in
    functions IsAllowedTo() and LoadAllUserPrivileges()...
    Right now that variable doesn't get used at all for filtering.
    That also means that line:
    $new_weight = (int) $conn->is_privilege_singular + (int) $conn->is_domain_singular;
    is also meaningless...
  5. Unregistered Guest

    Big thanks

