gnumed-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft Re: [Gnumed-devel] Managing users: restricting access within G

From: Jim Busser
Subject: Re: draft Re: [Gnumed-devel] Managing users: restricting access within GNUmed
Date: Fri, 07 Aug 2009 07:07:04 -0700
Would the logged-in identity (person) require a different [userid?] and password or can the user login uniquely and let the software logic ascertain that the user has a role (and database account) compatible with the desired access / function?

Presumably the creation and saving of a role should fail on failure to create a new db_user (e.g. a person hacking without knowing gm-dbo). Therefore if their role exists there must exist a db_user.

If a user is required to work under only one role at any one time, when the user would logon with their userid and password, maybe they could select from a listing the role that they intend to serve. Maybe on being refused a function they could be reminded "Are you in the right role" and could switch roles?

On 7-Aug-09, at 5:11 AM, Karsten Hilbert wrote:

They would simply get another database account for each

role. In dem.staff:


- each db_user can only exist once

- each association of db_user and fk_role must be unique

  thereby by extension each db_user can only have one role


I shall add the restriction that


- each association of fk_role and fk_identity must be unique


Thus, each fk_identity can have several fk_roles but must

have a different db_user for each :-)


reply via email to
[Prev in Thread] Current Thread [Next in Thread]