acl

Forum authorization/acl

Hey SO. I'm throwing together a fun little (or not so little) community application. The current permission system is using the users->roles->permissions approach. This all works well until I come to building a forum-ish component, as the current system only allows for a "global" control over the entire board, and not specific forums. ...

ACL on field level in Grails

Hello, in our new software project, we have the following requirement: A webpage shall show a set of data. This data shall be editable by some users (assigned to roles, i.e. manager), and only viewable by others. The tricky part is described by an example: A User-page consists of address data and account information. The address data sha...

Doing the CakePHP Acl tutorial. I can't seem to populate aros_acos.

I could've sworn I've done the tutorial correctly, but I am getting an error message and my aros_acos table is empty. What I've already done: On this page: http://book.cakephp.org/view/646/Creating-ACOs I've run "cake acl create aco root controllers" and it returned "New Aco 'controllers' created.". I've also added "$this->Auth->actio...

Secure a registry key via ACL to remove all access to non administrators

I'm trying to lock down a registry key with some important information that must be accessible at the client machine, I do not want non-administrators to have access to this key. If you are an admin you'll already be able to do more damage than what I'm storing in the key. What I'm currently looking to do is this: //Allow access only...

CakePHP ACL - On the fly permission management?

Greetings! I'm pretty new to CakePHP and just starting to use the ACL feature. From the outside it looks quite ok, but when I started using it.. well it's not that ok anymore :) I'm working on an application with an administration backend in which I need to be able to change group permissions on the fly. I tortured Google for quite a whil...

Block anything with a particular file extension - SQUID ACL

Hello, I want to block a particular file extension acl mp3_ext url_regex s-i *.mp3 Where .mp3 is the file extension Thanks Jean ...

How to represent different application domains in an ACL?

I am working on a web application where different user groups have different access to resources. So far nothing special I guess, but there is a caveat; the application is divided into "domains" so that each of our client organizations has their own content. Here I am using a simpler model to illustrate my problem. Each domain has the...

Can SharePoint web services be used to retrieve the ACL for a document or folder in a SharePoint document library?

I would like to use SharePoint web services to retrieve files and folders from a SharePoint document library along with any ACL associated with each. I know I can get the files and folders but I don't know if there is a way to get the ACLs. Is this possible? Thanks ...

CakePHP ACL confusion, how do I apply ACLs to objects, not actions?

Can anyone suggest a scalable design pattern for implementing access control on Photos and Albums, each with individual privacy settings (i.e. owner, group member, public)? I'm using CakePHP, and the examples I have read on the ACL component seem to control access to controller/actions, not objects themselves. It seems to get out of ha...

Visual modelling of permissions

I have come into the habit of hand-sketching various diagrams for software I create. My software is mostly for the web. I use E-R diagramming for the data logic (model of MVC), and a personally invented diagram style for the interactions -- what pages lead to which other ones and what do they do, i.e. the views & controllers of MVC. Th...

CRUD Admins: Why not use MySQL users for auth/acl instead of User/Group tables?

In several frameworks (symfony/Django), you have admin generators that usually control access via a User table (which assigns a user to a specified Group table). I'm curious, why not simply use MySQL's actual users (with select/read/write access already baked in) instead? ...

.NET RegistrySecurity API handling of non-canonical ACLs: Handling approach

I'm attempting to add in an access rule to a RegistryKey like so: using ( RegistryKey registry = OpenOrCreateMyKey() ) { RegistrySecurity security = registry.GetAccessControl(); security.AddAccessRule( new RegistryAccessRule( new SecurityIdentifier( WellKnownSidType.BuiltinUsersSid, null ), RegistryRights.WriteKe...

What is an ACL owner?

I have found three possibilities for what is called an "ACL owner" in the wild: The owner is the protected resource. That's the way EAz goes. The ACL owner is the user who owns and edits the ACL. (like in java.security.acl.Acl or POSIX ACL) The user owns the protected resource and the protected resource owns the ACL. So the user owns ...

How to connect ACLs with protected resources?

What is the best way to connect an ACL with the protected resource? 1) Should the protected resource hold a reference to its ACL? interface AclHolder { Acl getAcl(); } This would be simple, but if the object lives in a database it has to be constructed before it is possible to check access rights. 2) Spring Security uses a mec...

Where to manage ACL inheritance?

Where should I best manage a hierarchy of ACLs? I see three possibilities to manage a hierarchy of ACLs: 1) The ACLs themselves manage the hierarchy: class Acl { Acl parent; // ... } 2) Constructing a separate tree structure to manage the hierarchy. 3) Using an already existing hierarchy as the implicit hierarchy for ACLs (like...

Inherit Access Control Entries or complete Access Control Lists (ACL)?

I wonder if complete ACLs or only their Access Control Entries (ACE) should be inherited. It would be simple if the children replace the whole ACL, but it would be limiting if only an additional ACE should be added. If ACEs can be inherited, I think I would need negative rights, because otherwise all rights beginning from the root ACL...

UI design pattern for true/false/null (for inheritance of values)?

Hi there. I'm trying my best to figure out a succinct, straightforward widget, using standard UI widgets available in any toolkit (e.g., checkboxes, radio buttons, or listboxes), that could model a true/false/null value. Why am I trying to do this? I'm storing a tree in a database (go ahead, criticise me for storing hierarchical informa...

Role based domain class field access in grails

Hi, I am developing a Grails application. In that some cases I want to control the domain class fields based on the role. So that in each call to getter setter method of domain class I want to apply some filter based on role (Logged in user's role). I am assuming that Grails will create getter setter method at runtime for the domain classes. S...

Class name for unix-like permission object

I have a class to store unix-like permissions for user, group and other. In principle it is a limited access control list but I don't want to name it ACL, because usually an ACL is something different. The class looks basically like this: class X { boolean userRead, userWrite, userExecute; boolean groupRead, groupWrite, groupExecut...

Alternative to SetNamedSecurityInfo to force a file to refresh its inheritable permissions

I'm having a problem where we create a file in temp and then move to our application directory, and we've found that a moved file does not inherit permissions from its new parent folder. I know I could use File.Copy (as creating a new file will inherit the permissions), but for performance reasons we don't want to do this. The site ref...