On Tue, Nov 27, 2001 at 10:27:58PM -0800, Chuck Esterbrook wrote: > > We also need to clarify the distinction between 'ownership' and > > 'permissions'. ?In Unix these concepts are directly tied together. > > Not so in NT and other OSes. ?It should be possible for multiple > > users and multiple groups to have permissions to do perform various > > actions on a resource, just like in NT. ?But then who owns the > > resource? ?Should there be a concept of ownership built directly into > > the system, where only the owner of a resource (and root) can changes > > permissions for that resource. > > My first impressions is "no". We don't need to require a sense of > ownership as part of providing a framework for user management and > permissions. In fact, granular permissions about who-can-do-what seem to > obviate the need for ownership. If an object knows that "chuck can *; > tavis can view, edit, delete; others can view" then ownership becomes > useless (unless you had other uses intended for it).
MySQL gets by just fine with just permissions. There is a root user with all permissions. He creates users and gives them add/change/delete privileges on records/tables/databases as he sees fit. One of the permissions is "grant", which allows that user to give permissions to others for the things he has permissions to. I never use the grant feature because it just adds unnecessary complications (a more complex structure to keep track of, and a potential security hole if certain users are untrustworthy--not that that's a problem in my situation), but it does provide a model for avoiding the "ownership" layer. -- -Mike (Iron) Orr, [EMAIL PROTECTED] (if mail problems: [EMAIL PROTECTED]) http://iron.cx/ English * Esperanto * Russkiy * Deutsch * Espan~ol _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
