Andre Lopes wrote:
Hi,
I need to implement a "Access Control System", but I don't have any
clue of what it is the ideal system... I will try to explain my problem...
I have 4 levels of users in my web application, "Super Administrator",
"Administrator", "Manager" and "Worker".
The database have data from more than one company. But all different
companies belong to the same group of bussiness.
So... the . "Super Administrator" will access to the data of all
companies
. "Administrator" will access to the data of only one
company(his company)
. "Manager" will access to the data of a region of only
one company AND all actions must be confirmed by the "Administrator".
. "Worker" will access only to the data that he inserts
to the system AND all actions must be confirmed by the "Manager" of
his region.
your workflow management sounds like it will need to be enforced by the
business logic of your web application, as postgres roles won't have
anywhere near that level granularity, nor will they support any sort of
approval requirements.
most likely, the business logic will just use one postgres role which
grants it access to the whole database, and all finer granularity
management, including your approval rules will be in that business
logic. You'd have table(s) for your workers and managers and
administrators with links to their parent approvals. no users except
the database administrators would have direct access to the actual
database, instead, all production operations would pass through your
business logic layer.
as to how you implement this approval process, well, pending change
requests could go into a pending approval queue/table and generate the
appropriate notifications, then when the various managers/administrators
browse and make these approvals, the state is advanced until the actual
changes can be committed to the real data tables.
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
