What is the best database schema to track role-based access controls for a web application?
I am using Rails, but the RBAC plugin linked by Google looks unmaintained (only 300 commits to SVN; latest was almost a year ago).
The concept is simple enough to implement from scratch, yet complex and important enough that it's worth getting r...
Is there an open RBAC framework for ASP.NET? There are a few solutions for Rails, but I can't find a simple RBAC system for ASP.NET. Is there something that can be used and extended?
...
Is there a way to get a list of roles a Windows authenticated user is in, without explicitly checking by WindowsPrincipal.IsInRole method?
...
When implementing an RBAC model using an LDAP store (I'm using Apache Directory 1.0.2 as a testbed), some of the actors are obviously mappable to specific objectClasses:
Resources - I don't see a clear mapping for this one. applicationEntity seems only tangentially intended for this purpose
Permissions - a Permission can be viewed as a si...
In my typical app, the user clicks a button in an aspx page, invokes a C# business object, then runs a stored procedure.
Should role checks be done at the top of the stack, the bottom of the stack or at every level? It seems that if a malicious user can invoke one method, he could invoke any, so for effective security, you'd need a ...
Hi,
We would like your suggestions on the following :-
We are developing a simple social impact game with Flex at the front-end and J2EE at the back-end. We have a few roles in the game and hence would like to have Role-Based Access Control.
Few APIs we have looked at are Open Web SSO, jGuard, Yale CAS, Atlassian Seraph, Kasai, Gabriel...
This question isn't about the database design of the RBAC system itself, but rather how to use this database in conjunction with the application specific database when that web application allows its users to submit content.
As it stands my RBAC should easily work for a simple back-end admin application, where staff can add and update r...
Executing Oracle RAC cluster management commands such as $ORA_CRS_HOME/bin/crs_start requires root permissions.
Using Solaris RBAC (Role-Based Access Control), one can give a non-root user permissions to execute those commands, but the commands still fail internally. Example:
$ pfexec /opt/11.1.0/crs/bin/crs_stop SomeArg
CRS-0259: Owner...
I'm using AzMan on Windows Server 2003, and I've written a management application that completely hides AzMan and the MMC from the security team. However, I'm having a hard time implementing one of the features in the MMC.
I have a role called User, and a role called Branch User which contains nothing but the User role. I want to assig...
I've been reading up on (Role-Based) Access Control Lists for an upcoming project and am having some troubles figuring out how it will work for me.
In the examples I've seen, they always talk about allowing and denying access to the particular actions of a controller/model. For example: the group "Visitors" can read posts, "Members" can...
Lately I've been considering the best access control model to use in my application. I've been reading on RBAC and the role concept is nice (especially if you have a huge amount of different permissions), however, I'm not sure how applicable it is to hierarchical user management like the following:
Every user belongs to one or more grou...
Is there a way to query users table like this:
| id | username |
-----------------
| 1  | user1    |
| 2  | user2    |
| 3  | user3    |
and user_roles table:
| id_user | id_role |
---------------------
| 1       | 1       |
| 1       | 2       |
| 1       | 3       |
| 2       | 2       |
| 3       | 1       |
assuming that role w...
I have come into the habit of hand-sketching various diagrams for software I create. My software is mostly for the web. I use E-R diagramming for the data logic (model of MVC), and a personally invented diagram style for the interactions -- what pages lead to which other ones and what do they do, i.e. the views & controllers of MVC. Th...
Hello, my company uses an OpenLDAP server which stores corporate user information (username, passwd and some other information like email are stored in LDAP).
Till now they only use it for authentication but now we'd like to use it for authentication also, this means that we'll create roles (as LDAP attributes in a new schema) and assign...
Hello, is it possible to authenticate programmatically a user in J2ee 6?
Let me explain with some more details:
I've got an existing Java SE project with Servlets and hibernate; where I manage manually all the authentication and access control:
class Authenticator {
    int Id;
    String username;
}
Authenticator login(String username...
We are currently designing a User Roles and Permissions System in our web application (ASP.NET), and it seems that we have several cases that do not fit within the classical Role-Based Access Control (RBAC). I will post several questions, each devoted to a particular case, this being the first post.
We have the following case: not to all...
We are currently designing a User Roles and Permissions System in our web application (ASP.NET), and it seems that we have several cases that do not fit within the classical Role-Based Access Control (RBAC). I will post several questions, each devoted to a particular case. This is my second question (the first question is here: http://sta...
In my job we are trying to consolidate the Authentication of the application farm with Windows Identity Foundation (WIF) or some custom component based in Membership Provider.
With this, we need to provide the developers (and final users) some component that can help us with the logic of management views by Role (RBAC - Role Based Access ...
I am implementing role based access control in a tree structure (organization) that normally would be stored in LDAP but this time is in MySQL. Part of my requirement is to give people access to part of the tree. In LDAP I would use an ACI to filter part of the tree. I am just not sure on the best way to do this in PHP/MySQL.
What is th...
Does anyone have any examples or know of any resources that show how to implement set theory operations in pure PHP?
...