The tag has no wiki summary.

0
votes
0 answers
29 views

Hierarchic (tree) access control

I am currently at the task to create a hierarchic user management system. The requirements for me are to have users with rights (roles), customers with rights and groups (containers for customers ...
3
votes
1 answer
317 views

Standard practices for access control (design pattern)

I'm looking at my interface design and I am struggling to decide which is the most "correct" way to implement role-based access control, given a user and a subject that the user would like to access. ...
0
votes
1 answer
70 views

Using a Proxy as an ACL

I am building an MVC application in PHP, using Zend Framework. My model includes Domain Model and Mapper layers. I am trying to keep the domain model in pristine condition and have managed to keep ...
1
vote
1 answer
92 views

Restrictive routing best practices for Google App Engine with python?

Say I have a simple structure: app = webapp2.WSGIApplication([ (r'/', 'pages.login'), (r'/profile', 'pages.profile'), (r'/dashboard', 'pages.dash'), ], debug=True) Basically all pages ...
0
votes
0 answers
81 views

Using a Finite State Machine for access management?

My intranet site uses LDAP and Active Directory to authenticate users. There are 2 kinds of Users: Managers and Employees. They are differentiated by having membership in a particular AD group. In an ...
6
votes
1 answer
410 views

What is the nicest (user-friendliest) way to tell a user about “Access Denied” error?

Our software implements a layer of role-based security to secure data access, in the form of access control lists. Whenever a user tries to do something that isn't allowed, the software layer will ...
0
votes
1 answer
589 views

How to implement a hybrid role-based access control model?

I am writing an enterprise web-forms-frontend application for in-house use. It has Direct access control (DAC) masquerading as Role-based access control (RBAC). For anonymization purposes, let's ...
2
votes
1 answer
138 views

Should I manage authentication on my own if the alternative is very low in usability and I am already managing roles?

As a small in-house dev department, we only have experience with developing applications for our intranet. We use the existing Active Directory for user account management. It contains the accounts of ...
4
votes
2 answers
201 views

What kind of permission is this? (Groups+Roles)

I'm starting to need an access control for roles in my app. I don't know much of this, but I understand how vBulletin works: I create groups, then give permissions to groups. I think that what I ...
4
votes
1 answer
553 views

Methodologies for Managing Users and Access?

This is something I'm having a hard time getting my head around. I think I might be making it more complicated than it is. What I'm trying to do is develop a method to store users in a database with ...
1
vote
1 answer
195 views

Control a microwave from my computer [closed]

Is there any way I can take apart a microwave (any kind) and somehow plug it into my computer and control it from my computer? Where to start... where to start...
5
votes
4 answers
534 views

Why do organizations limit source code access to engineers? [closed]

Most organizations restrict access to the source code to engineers, and even at places like Google, the Android source code is kept off-limits to most engineers within the company. Why? Note: I am ...
2
votes
1 answer
90 views

What is a good overview of options for access controls/permissions?

I'm in the process of designing the access control portion of a moderately complex application, but I feel like I'm re-discovering a lot of wheels. Does there exist a good overview of the "access ...
2
votes
1 answer
243 views

How to Implement Restricted Access to Application Features

I'm currently developing a web application, that provides some 'service' to the user. The user will have to select a 'plan' according to which she/he will be allowed to perform application specific ...
2
votes
2 answers
201 views

Duplication of view access control logic in database queries and application component

Our web application has a complex access control system which incorporates role-based and object-level privileges. In the business logic layer, this is implemented by a component that obtains (and ...
2
votes
2 answers
197 views

Coding user rights

Imagine a system which has a number of functions and a number of users. A user must have rights to a specific function. Users may belong to a group. A group may belong to a group. So as a simple ...