Re: [Gnumed-devel] Managing staff (user accounts)

[Karsten Hilbert]

> 1) gm-dbo is
> 
>       a postgres user?

correct

> 2) any-doc, jaki… are also
> 
>       postgres users ?

right

> 3) it is the postgres groups -- of which distinct users either are, or are
> not, made members -- that allows postgres to control database & table
> access as a layer of control and protection no matter what the gnumed app (or 
> a
> local user who would alter the app) would try to achieve?

Indeed. We define permissions at the lowest level possible. That is,
below the GNUmed UI (and therefore application independant).

> 4) separately, GNUmed (in its table values) defines staff accounts,

yes

> and it is the association of
> 
>       postgres user <--> gnumed staff account (if one exists and is 
> associated)
> 
>       that determines whether the GNUmed app will allow the user to (for
> example) login to the app?

That's right. Or rather: The GNUmed app first asks for a database
account and corresponding password (in the login dialog). It tries
to establish a connection with that authentication data. If that
fails it aborts. If that succeeds it checks whether the PG account
has got a GM staff associated with it. If not it fails as well.

>From then on it assumes that PG account and GNUmed staff form a
functional pair and uses each where appropriate.

>       --> thereby allowing two levels of control of access (or in one case,
> ease of access) to information?

In a way, yes.

> 5) lastly, GNUmed doesn't allow a gnumed staff account to exist without an
> associated postgres user, does it?

That's right.

Karsten

-- 
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de