Re: Brainstorming: Security Requirements/Scenarios

Thu, 09 Jul 2009 08:41:56 -0700 

I'm bumping this because I would like to begin working on it.
I've been updating the design document when I have time - http://docs.ofbiz.org/x/Ch8.
There are two design issues that I would like to get finalized soon, so that work can begin:
1. The document proposes converting the Security abstract class to an interface, and adding new methods to the interface that will implement the new security design. If there are no objections to changing Security to an interface, then I will design and document the new Security API.
2. The document describes two artifact hierarchies - static and dynamic. The pros and cons of each is demonstrated in the Access Control Scenarios portion of the document. We need to decide which approach to use. Once that decision is made, we can build out more of the design. 

-Adrian

Adrian Crum wrote:

--- On Sun, 5/17/09, David E Jones <david.jo...@hotwaxmedia.com> wrote:

If I understand correctly what you are describing above it
is simply record level permissions. And yes, I agree that is a common requirement that we've discussed quite a bit. I'm worried I'm misunderstanding though because I'm not sure how that fits with comment... 

It fits into the design objective because it takes the record-level filtering 
out of code and puts it in assigned permissions. Isn't that one of the 
objectives? Remove the security checking that is embedded in code and put it in 
the database where an administrator can assign it to a user.

Instead of hard-coding record-level permission checking inside some other 
service, extract the record-level permission checking code, make it a service, 
and assign the service as part of a user's permissions.

It's clear we have disconnected somewhere. The existing entity engine doesn't 
know about security. It works with not-logged-in users and anonymous users and 
whatever else comes along. I'm not suggesting we change any of that. Keep it 
all the same. But add the ability to restrict records based on the user. If 
there is no user, then it does what it has always done. I don't know how else I 
can say it. *shrug*

-Adrian

Reply via email to