Re: draft Re: [Gnumed-devel] Managing users: restricting access within GNUmed

[Jim Busser]

On 7-Aug-09, at 7:25 AM, Karsten Hilbert wrote:

The role is already restricted to the one set in dem.staff

by the database account used for logging in.

Therefore users do not really log in as "themselves" (as individuals) despite that from a human point of view it might be a nice way to work.

Users naively log in as "I am a database account, that has been attached to a role that I have been allowed."

Moot when users have a single role, or a meta-role that builds in (and allows the user, in the same login) all of the access rights and functionality that they need.

It is just that when an individual has more than one role, it is extra overhead to manage these account passwords... there should be an open-id like approach in which the database account userid is the individual@ that role, and the user authentication for access to the account would accept whatever the user would maintain (or update) as their individual password. 

This could be GNUmed 1.x or 2.x ... I am only thinking we should intend the *capability* to not have to subject people to the same problems *within* GNUmed as they already have to suffer using multiple applications, each of which involves separate accounts and passwords, in the same institution.