RE: Access control via a role based security model

2003-07-12 Thread Murray
Thanks for the start Peter.

I'm developing the interface using Tomcat and JSP.  Tomcat HTTP basic
authentication provides a JDBC realm interface which allows me to use the
content of my MySQL database to log users on, validate passwords and assign
roles to them.  I can see that it is feasible for me to manage the
privileges through my own code in the web logic but I had hoped to use the
inbuilt structures of the database.  I feel that is less prone to hacking
because it places the security closest to the dbms.

-Original Message-
From: Peter Lovatt [mailto:[EMAIL PROTECTED]
Sent: Saturday, 12 July 2003 17:11
To: Murray; [EMAIL PROTECTED]
Subject: RE: Access control via a role based security model


Hi

You could achieve what you want using grant statements, but you still need a
user interface to send queries to the database and display the information
sent back in a way that is manageable for non techies.

There are many ways of building user interfaces, php ( http://www.php.net )
is probably a good place to start, as it is a web based system, though asp
and Coldfusion might also be worth a look.

With php look at sessions as part of managing the user's access.

You can manage user privileges much better through the interface.

Let me know if you would like more depth of information.

Peter




-Original Message-
From: Murray [mailto:[EMAIL PROTECTED]
Sent: 12 July 2003 07:16
To: [EMAIL PROTECTED]
Subject: Access control via a role based security model


I am trying to develop a web based database application to manage a Scout
group.  I need to control the level of access different visitors to the site
are allowed to different parts of the database.  I need to provide public
information, including some contact details from the database, to
unauthenticated (non-member) users and to provide a scale of access to more
information for authenticated members.

The access model would be similar to the following:

Role name       Access
public          group leader contact details
member          read own details, update some details, read contact
                information for all other members
leader          as for member plus update youth member progress records
mmbrship secy   update financial details for all members
group leader    access all areas


The MySQL manual shows this can be managed by granting privileges to
individual users based on columns in the various tables.  Can I do it using
a role-based model where I assign one or more of the above roles to a user
and grant the privileges to the role?

Murray Nicholas



--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]







RE: Access control via a role based security model

2003-07-12 Thread Peter Lovatt
Hi

You could achieve what you want using grant statements, but you still need a
user interface to send queries to the database and display the information
sent back in a way that is manageable for non techies.

There are many ways of building user interfaces, php ( http://www.php.net )
is probably a good place to start, as it is a web based system, though asp
and Coldfusion might also be worth a look.

With php look at sessions as part of managing the user's access.

You can manage user privileges much better through the interface.

Let me know if you would like more depth of information.

Peter




-Original Message-
From: Murray [mailto:[EMAIL PROTECTED]
Sent: 12 July 2003 07:16
To: [EMAIL PROTECTED]
Subject: Access control via a role based security model


I am trying to develop a web based database application to manage a Scout
group.  I need to control the level of access different visitors to the site
are allowed to different parts of the database.  I need to provide public
information, including some contact details from the database, to
unauthenticated (non-member) users and to provide a scale of access to more
information for authenticated members.

The access model would be similar to the following:

Role name       Access
public          group leader contact details
member          read own details, update some details, read contact
                information for all other members
leader          as for member plus update youth member progress records
mmbrship secy   update financial details for all members
group leader    access all areas


The MySQL manual shows this can be managed by granting privileges to
individual users based on columns in the various tables.  Can I do it using
a role-based model where I assign one or more of the above roles to a user
and grant the privileges to the role?

Murray Nicholas
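
The role table from the original question, expressed as database-level grants. This is an added example, not part of any poster's message; it assumes MySQL 8.0 or later (which provides CREATE ROLE), one MySQL account per site user, and a hypothetical scouts schema whose table, column, role and account names are invented for illustration.

```sql
-- Added example. Schema, column, role and account names are hypothetical.
-- Requires MySQL 8.0+ (CREATE ROLE); run as an administrative account.
CREATE DATABASE IF NOT EXISTS scouts;
USE scouts;
CREATE TABLE members (
  member_id       INT PRIMARY KEY,
  login           VARCHAR(32) NOT NULL UNIQUE,  -- equals the MySQL account name
  full_name       VARCHAR(100) NOT NULL,
  phone           VARCHAR(30),
  email           VARCHAR(100),
  is_group_leader BOOLEAN NOT NULL DEFAULT FALSE,
  fees_paid       DECIMAL(8,2) NOT NULL DEFAULT 0
);
CREATE TABLE progress_records (
  member_id INT NOT NULL,
  badge     VARCHAR(50) NOT NULL,
  awarded   DATE,
  PRIMARY KEY (member_id, badge)
);
-- Column grants cannot restrict rows, so row limits go into definer views.
-- USER() is the connecting account even inside a SQL SECURITY DEFINER view.
CREATE SQL SECURITY DEFINER VIEW my_details AS
  SELECT member_id, full_name, phone, email, fees_paid
  FROM members WHERE login = SUBSTRING_INDEX(USER(), '@', 1);
CREATE SQL SECURITY DEFINER VIEW leader_contacts AS
  SELECT full_name, phone, email FROM members WHERE is_group_leader;

CREATE ROLE r_public, r_member, r_leader, r_secretary, r_group_leader;
GRANT SELECT ON scouts.leader_contacts TO r_public;
GRANT SELECT ON scouts.my_details TO r_member;
GRANT UPDATE (phone, email) ON scouts.my_details TO r_member;
GRANT SELECT (member_id, full_name, phone, email) ON scouts.members TO r_member;
GRANT r_member TO r_leader;                       -- "as for member plus ..."
GRANT SELECT, UPDATE ON scouts.progress_records TO r_leader;
GRANT SELECT (member_id, full_name, fees_paid), UPDATE (fees_paid)
  ON scouts.members TO r_secretary;
GRANT SELECT, INSERT, UPDATE, DELETE ON scouts.* TO r_group_leader;

-- Granted roles are inactive at login unless made default.
CREATE USER 'alice'@'localhost' IDENTIFIED BY 'CHANGE_ME_placeholder';
GRANT r_member, r_secretary TO 'alice'@'localhost';
SET DEFAULT ROLE ALL TO 'alice'@'localhost';
SHOW GRANTS FOR 'alice'@'localhost' USING r_member, r_secretary;
```

If the web tier connects through a single shared database account, USER() is identical for every visitor, so the my_details view cannot separate members and that check has to move into the application.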


