Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Authorization and Permissions 4 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • There are often classes of actors and subsets of data specific to those actors. A user might have read access (and perhaps change request permission for) his own data but no access to the data for anyone else. A salesman can access and change data for his clients' current info but might have no access to historical info or info for clients of other salesmen. The salesman might only be able to approve some forms of customer requested changes, others might require a manager. Different info elements (withi
    • Thats not hugely application specific.

      You can apply general rules for the general cases and apply subclassing or plugins or triggers or whatever to handle the edge cases.

      It boils down to can this person or group do this action on this data (or just do this action).

      --

      @JAPH = qw(Hacker Perl Another Just);
      print reverse @JAPH;
      • Consider a rule: The manager of the manager of the salesman of a customer is allowed to cancel a transaction as long as it is for less than $1000.

        To apply that rule means knowing how the corporate/business relationships are mapped, which fields determine a transaction, how to determine the aggregate total value of the components of a transaction, ... The rules would have to be written in something like SQL, with a database description of the data involved before a generic authorization module could be us

        • Thats beyond the scope of general authorisation in the general sense and well into the application. Its a business rule which changes from business to business.

          In this scenario, the ammount may be different for each type of transaction. It would be better for the application to check the authorisation using a standard interface but handling the specifics itself.

          --

          @JAPH = qw(Hacker Perl Another Just);
          print reverse @JAPH;
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.