[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: UU Database

To: uu@total-knowledge.com
Subject: Re: UU Database
From: "Alexey Parshin" <alexeyp@gmail.com>
Date: Wed, 12 Apr 2006 09:16:31 +1000
Delivered-to: mailing list uu@total-knowledge.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=iJshfHyrWUDox6F+WBVfQ0uELKpqCZpJSCNN4iB8K1R6a/JchXkfYthIgH9cqmHi6J0tHcW6m3tfDEz0K/rblMTgPKwanZfSby9oINgW8gt2WXbaJwgj72Fz2tcSgOfSIUR/WDxT96LjEbDC6a1gn4FGiT9MEI5DvNSfxVgsIF8=
In-reply-to: <443C3616.3010001@total-knowledge.com>
Mailing-list: contact uu-help@total-knowledge.com; run by ezmlm
References: <443BE6A4.1030302@total-knowledge.com> <a75bc3cf0604111444r6fd370a3x777e2d9bfd31fef9@mail.gmail.com> <443C253B.40003@total-knowledge.com> <a75bc3cf0604111557j5514843emb4120226e27eddf@mail.gmail.com> <443C3616.3010001@total-knowledge.com>

Role is a maximum allowed access level. If we have a teacher, he may be also a student, but he is still not admin. For the large mass of users, they would be just students. For the particular course, we can also determine a role for anybody. So, if the role allows - the person may make changes, for instance. I'm pretty, that most changes would require to open screen for editing an object. In this case - user gets his role from authorization routine. BTW, authorization should be done as a stored proc, also. We gotta keep user information (name,pass,courses/roles) in the database, anyway, and probably in some encripted format.
In my understanding, passing the username, pass, and a project should return a role name, or an error if something isn't right.

2006/4/12, Ilya A. Volynets-Evenbakh < ilya@total-knowledge.com>:

OK. So we are clear on the fact that application will provide access
control.
Now on to "roles" - one thing that should be understood is that we don't
have
application-wide roles. i.e. I can be course creator/author for course
X, but
will be a student for course Y. Furthermore - there is even more
granularity:
we have a concept of shared objects (most of things can be shared between
courses in fact). I.E. I can create a problem, that will be reused by
multiple
courses, or an explanation. I'm not sure about whole topics yet, but
probably
they can be shared as well. Thus an author may not have edit rights to all
of objects within his course. So, where does the concept of role fit in this
picture?

Alexey Parshin wrote:

> Frankly, I don't really care - which way we assign a role to a user.
> We may have the table that translates a user name/password into a
> role. Or, we can go any other way. The important part is - we
> shouldn't work with users, but only with roles. When a user John Doe
> logs in the webface - he provides a user name/password. We verify his
> credentials, and set the role for the session. Even if the database
> doesn't support roles - in this case we may use a database user as a
> role.

--
Ilya A. Volynets-Evenbakh
Total Knowledge. CTO
http://www.total-knowledge.com

--
Alexey Parshin,
http://www.sptk.net

Follow-Ups:
- Re: UU Database
  - From: "Ilya A. Volynets-Evenbakh" <ilya@total-knowledge.com>

References:
- UU Database
  - From: "Ilya A. Volynets-Evenbakh" <ilya@total-knowledge.com>
- Re: UU Database
  - From: "Alexey Parshin" <alexeyp@gmail.com>
- Re: UU Database
  - From: "Ilya A. Volynets-Evenbakh" <ilya@total-knowledge.com>
- Re: UU Database
  - From: "Alexey Parshin" <alexeyp@gmail.com>
- Re: UU Database
  - From: "Ilya A. Volynets-Evenbakh" <ilya@total-knowledge.com>

Prev by Date: Re: UU Database
Next by Date: Re: UU Database
Previous by thread: Re: UU Database
Next by thread: Re: UU Database
Index(es):
- Date
- Thread

UniverseUniversity

uu

Re: UU Database