----- Original Message -----
From: Jochem van Dieten
To: CF-Talk
Sent: Monday, October 13, 2003 4:48 AM
Subject: RE: ACL database design
Hugo Ahlenius wrote:
>
> I actually had in mind an unlimited parent/child relationships in
> the groups. So that the super-parent would be the "Admin" group,
> that all other groups are derived from, like "superusers" inherit
> the rights from the admin group, but with rights X,Y & Z revoked.
> And the "regular users group" is a child of the "superusers" group,
> etc.
You do realize this is a "fail open" model? I.e., if somehing goes
wrong the user defaults to being Admin, instead of being nobody. Most
security systems are designed as "fail close" systems.
Jochem
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
