acl

How can I chart/graph an inheritance based ACL?

Background: I have an application with a relatively complex Access Control List. It has resources that inherit tasks from other resources, as well as add their own, and so forth. To ease development and for documentation purposes, I'd like to be able to create charts/graphs of my ACL. Now, I'm not too familiar with UML, but it seems li...

When and where to implement ACL.

I've got rails_authorization_plugin up and running with models. What's the best way to implement permission checks on my site? I have complicated conditions for when an instance of an object should be visible, is there an efficient way to chain them together so I'm not fetching multiple sets of data and grinding my DB as a result of lo...

Is there anything "better" than Access Control Lists (ACLs)?

I've spent some time casually mulling over ACLs in my head. I can see the real benefit of ACLs and their flexibility. But I have some serious concerns when it comes to implementing ACLs for a project that could have hundreds of thousands of users, if not millions. All connected someway to hundreds of thousands of resources (such as imag...

How to set a bucket's ACL on S3?

I tried a couple of things: S3Browse, the RightAws Ruby gem and other tools. All allow granting access on an individual key basis, but I wasn't able to set the ACL on buckets. Actually, I set the ACL on the bucket, no errors are returned. But when I refresh or check in another tool, the bucket's ACL is reset to owner only. I want to g...

How do Windows NT ACLs work?

How do Windows NT (especially XP, Vista and Server 2008) ACLs (access control lists) work? What is the basic philosophy underlying them, that is, exactly what is stored, conceptually, in the ACLs, and how are access permissions evaluated based on the stored information? What are the basic, command line and otherwise, utilities for manag...

Should I write a temp file to a temp dir? or write a temp file to the final directory?

When an application saves a file, a typical model is to save the file to a temporary location, then move the temporary file to the final location. In some cases that "move" becomes "replace". In pseudo code: Save temp file; if final file exists delete final file; move temp file to final filename; There's a window in there where ...

Cake php auth and acl unlogged usergroup

Hi, I want to control access for unregistered/unlogged users using Acl - I've set it up, tested it's working, I can create new groups, users, add user to group and set up group permissions for specific controller actions. I've created usergroup called unregistered and user called temp but have no idea how to assign (map) unlogged perso...

Get NTFS file security info using Java or C++

Hi guys, I got stuck with this. I need to get permission info of NTFS files with Java or C++. That info should be stored in Access Control List (ACL), but I don't know how to retrieve it with Java or C++. Thanks for your help! ...

Async interferes with my ACL plugin

Hey guys, I just created a plugin to go with my site to make sure a user is authenticated before performing an action. This is the plugin: class Booze_Plugin_AclPlugin extends Zend_Controller_Plugin_Abstract{ public function preDispatch(Zend_Controller_Request_Abstract $request) { $auth = Booze_Permissions_Auth::getInstance(); ...

ACL Check/Management in C#

I am wondering if there is a way to check a user's permissions against an ACL in C#. I am building a large system that is going to use Active Directory for authentication and I would like to use as much of Windows security plumbing as I can. After spending the last couple of hours browsing the System.Security.AccessControl I am not sure t...

Local Machine Admin rights?

What is the opinion of everyone out there about having local admin rights for a developer on their local machine? Or at least the ability to do it such as through runas without having to rely on someone else? ...

Access Control Lists in Debian Lenny

So, for my clients who have sites hosted on my server, I create user accounts, with standard home folders inside /home. I set up an SSH jail for all the collective users, because I really am against using a separate FTP server. Then, I installed ACL and added acl to my /etc/fstab — all good. I cd into /home and chmod 700 ./*. At th...

Cloning permissions of a folder to another folder

Are there any ways in OS X to clone the permissions of one folder to another? Just to be clear, I don't want to copy the entire folder, just the permissions and then set them on another folder. I think this type of thing could be achieved on Linux/UNIX using the setfacl/getfacl commands, but I'm unsure on how to do this with OS X. Thank...

CRUD-level locking on objects - design patterns

Hi, do you know any design patterns for implementing a CRUD-level locking on objects, meaning, for one instance of an object, I should be able to specify different access control level for each of the operations (Create, Read, Update, Delete). For example, person A may read and update object Z, but may not delete it. Person B can read, u...

cakephp acl aros_acos paradox

Hello, I'm trying to implement an authentication/authorization combo into my cakePHP site using Auth and Acl Components, but something odd is happening with my implementation. I've got the right acos, aros and aros_acos tables, and they seem to work at some level. I have mapped my actions like this: $this->Auth->mapActions(array('rea...

C# - Windows ACL - Applying Inherited Permissions

Hi Guys, I've been having problems programmatically assigning permissions to Folders / Registry entries. I have managed to assign inheriting permissions using the following code: FileSystemAccessRule rule = new FileSystemAccessRule(LOGON_USER_NAME, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.Object...

Why is the read-only attribute set (sometimes) for files created by my service?

NOTE: This is a complete re-write of this question. I'd previously conflated some ACL issues with the problem I'm hunting, which is probably why there were no answers. I have a Windows service that uses the standard open/close/write routines to write a log file (it reads stuff from a pipe and stuffs it into the log). A new log file is o...

Looking up role requirements

Implementing authentication with Authlogic, and role-based acl with Acl9, does a method exist, that will return what the role requirements are to access a given controller action? ...

Unable to modify ACL Perms in C# on CommonAppDataPath directory

So I am trying to modify the permissions for the BUILTIN\Users group to at least have the Modify file system access right. Unfortunately, my attempts at using the below code produce unchanged ACL. SecurityIdentifier usersSecurityIdentifier = ntAccount.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; ...

Copy ACL information like XCopy

We recently were forced to move to a new domain server half-way around the world. This may not seem like much of a change, but one of the processes that we run frequently has suddenly gone from a 2-second command to a 5-minute command. The reason? We are updating the permissions on many directories based on a "template" directory struct...