3
votes
1 answer
166 views
Standard practices for access control (design pattern)
I'm looking at my interface design and I am struggling to decide which is the most "correct" way to implement role-based access control, given a user and a subject that the user would like to access.
...
0
votes
1 answer
62 views
Using a Proxy as an ACL
I am building an MVC application in PHP, using Zend Framework.
My model includes Domain Model and Mapper layers. I am trying to keep the domain model in pristine condition and have managed to keep ...
1
vote
1 answer
71 views
Restrictive routing best practices for Google App Engine with python?
Say I have a simple structure:
app = webapp2.WSGIApplication([
(r'/', 'pages.login'),
(r'/profile', 'pages.profile'),
(r'/dashboard', 'pages.dash'),
], debug=True)
Basically all pages ...
0
votes
0 answers
68 views
Using a Finite State Machine for access management?
My intranet site uses LDAP and Active Directory to authenticate users. There are 2 kinds of Users: Managers and Employees. They are differentiated by having membership in a particular AD group.
In an ...
6
votes
1 answer
384 views
What is the nicest (user-friendliest) way to tell a user about “Access Denied” error?
Our software implements a layer of role-based security to secure data access, in the form of access control lists. Whenever a user tries to do something that isn't allowed, the software layer will ...
0
votes
1 answer
400 views
How to implement a hybrid role-based access control model?
I am writing an enterprise web-forms-frontend application for in-house use. It has Direct access control (DAC) masquerading as Role-based access control (RBAC).
For anonymization purposes, let's ...
2
votes
1 answer
132 views
Should I manage authentication on my own if the alternative is very low in usability and I am already managing roles?
As a small in-house dev department, we only have experience with developing applications for our intranet. We use the existing Active Directory for user account management. It contains the accounts of ...
4
votes
2 answers
171 views
What kind of permission is this? (Groups+Roles)
I'm starting to need an access control for roles in my app.
I don't know much of this, but I understand how vBulletin works:
I create groups, then give permissions to groups.
I think that what I ...
4
votes
1 answer
450 views
Methodologies for Managing Users and Access?
This is something I'm having a hard time getting my head around. I think I might be making it more complicated than it is.
What I'm trying to do is develop a method to store users in a database with ...
1
vote
1 answer
185 views
Control a microwave from my computer [closed]
Is there any way I can take apart a microwave (any kind) and somehow plug it into my computer and control it from my computer? Where to start... where to start...
5
votes
4 answers
522 views
Why do organizations limit source code access to engineers? [closed]
Most organizations restrict access to the source code to engineers, and even at places like Google, the Android source code is kept off-limits to most engineers within the company. Why?
Note: I am ...
2
votes
1 answer
84 views
What is a good overview of options for access controls/permissions?
I'm in the process of designing the access control portion of a moderately complex application, but I feel like I'm re-discovering a lot of wheels.
Does there exist a good overview of the "access ...
2
votes
1 answer
236 views
How to Implement Restricted Access to Application Features
I'm currently developing a web application, that provides some 'service' to the user. The user will have to select a 'plan' according to which she/he will be allowed to perform application specific ...
2
votes
2 answers
194 views
Duplication of view access control logic in database queries and application component
Our web application has a complex access control system which incorporates role-based and object-level privileges.
In the business logic layer, this is implemented by a component that obtains (and ...
2
votes
2 answers
195 views
Coding user rights
Imagine a system which has a number of functions and a number of users. A user must have rights to a specific function. Users may belong to a group. A group may belong to a group.
So as a simple ...