Tuong Do
|
| Posted: 08/10/2005, 6:51 PM |
|
CCS can be easily extended so that login in users can belong to more than 1
group.
With the current model we have a User table that has field (User ID, Login
Name, Password, Group ID)
CCS can extend this with an extra table say call it Groups table which must
has field (Row ID, User ID, Group ID)
So when a user login CCS will scan the Groups table based on the User ID
field.
If there is any record in the Groups table then CCS will store a session
variable MultipleGroupID
If there are more than one record in the Group table for that User ID then
the value of Session varable MultipleGroupID will as follows:
"1,4,25"
This mean that this login user is belonged to group 1 and 4 and 25 and also
what ever the value in the session variable GroupID.
So for each page if security is enabled then the page only need to check on
the value of the session GroupID, MultipleGroupID.
If this is built in within CCS then we could an application taht has a
complicated security model with ease.
|
|
|
 |
Cass
Posts: 26
|
| Posted: 09/17/2005, 1:38 AM |
|
Hi,
I'd like to support this wish. The way we have it at the moment, the security of a page or form is decided at design time. Each page or form can be assigned a number of security groups, and a user can belong to one group, wgich can be specified at run-time.
But, for more flexibility, it would be nice to work ion the reverse fashion, more in line with normal CMS user-to-resource permissions model.
This means, each form or page is assigned a resource group type, and a user is allowed to belong to any number of different resource group types. This allows resources built at design time to be given the resource type, and the permissions to use the various resources can then be given to users at run-time.
Can be worked around now, but a more flexible model would be great to see some time in version 3.5 or 4.x.
Cheers,
Cass.
|
 |
|
Vasiliy
Posts: 378
|
| Posted: 09/18/2005, 8:06 AM |
|
I'd be happy to see a role-based security model (RB) in CCS4.
Simple, powerful and widely used security solution.
I use it in my products for last 6 years. Not perfect, but much better than current CCS security model, and implementation is similar.
Example:
http://www.denisova.com/SC_Video/RoleBasedSecurity_2005_09_18.gif
_________________
Vasiliy |
|
|
|
|
