Thread: Access Control System - Design
Hi,
I need to implement a "Access Control System", but I don't have any clue of what it is the ideal system... I will try to explain my problem...
I have 4 levels of users in my web application, "Super Administrator", "Administrator", "Manager" and "Worker".
The database have data from more than one company. But all different companies belong to the same group of bussiness.
So... the . "Super Administrator" will access to the data of all companies
. "Administrator" will access to the data of only one company(his company)
. "Manager" will access to the data of a region of only one company AND all actions must be confirmed by the "Administrator".
. "Worker" will access only to the data that he inserts to the system AND all actions must be confirmed by the "Manager" of his region.
Here I have the requirements of the "Access Control System" and the requirements of the "Workflow".
I have read this document, but I don't know wich system to use. Here is the document: http://www.tonymarston.net/php-mysql/role-based-access-control.html
What is your advice for me? There are some open-source systems ready to use?
Best Regards,
André.
I need to implement a "Access Control System", but I don't have any clue of what it is the ideal system... I will try to explain my problem...
I have 4 levels of users in my web application, "Super Administrator", "Administrator", "Manager" and "Worker".
The database have data from more than one company. But all different companies belong to the same group of bussiness.
So... the . "Super Administrator" will access to the data of all companies
. "Administrator" will access to the data of only one company(his company)
. "Manager" will access to the data of a region of only one company AND all actions must be confirmed by the "Administrator".
. "Worker" will access only to the data that he inserts to the system AND all actions must be confirmed by the "Manager" of his region.
Here I have the requirements of the "Access Control System" and the requirements of the "Workflow".
I have read this document, but I don't know wich system to use. Here is the document: http://www.tonymarston.net/php-mysql/role-based-access-control.html
What is your advice for me? There are some open-source systems ready to use?
Best Regards,
André.
Andre Lopes wrote: > Hi, > > I need to implement a "Access Control System", but I don't have any > clue of what it is the ideal system... I will try to explain my problem... > > I have 4 levels of users in my web application, "Super Administrator", > "Administrator", "Manager" and "Worker". > > The database have data from more than one company. But all different > companies belong to the same group of bussiness. > > So... the . "Super Administrator" will access to the data of all > companies > . "Administrator" will access to the data of only one > company(his company) > . "Manager" will access to the data of a region of only > one company AND all actions must be confirmed by the "Administrator". > . "Worker" will access only to the data that he inserts > to the system AND all actions must be confirmed by the "Manager" of > his region. your workflow management sounds like it will need to be enforced by the business logic of your web application, as postgres roles won't have anywhere near that level granularity, nor will they support any sort of approval requirements. most likely, the business logic will just use one postgres role which grants it access to the whole database, and all finer granularity management, including your approval rules will be in that business logic. You'd have table(s) for your workers and managers and administrators with links to their parent approvals. no users except the database administrators would have direct access to the actual database, instead, all production operations would pass through your business logic layer. as to how you implement this approval process, well, pending change requests could go into a pending approval queue/table and generate the appropriate notifications, then when the various managers/administrators browse and make these approvals, the state is advanced until the actual changes can be committed to the real data tables.