Search Postgresql Archives

Re: Access Control System - Design

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andre Lopes wrote:
Hi,

I need to implement a "Access Control System", but I don't have any clue of what it is the ideal system... I will try to explain my problem...

I have 4 levels of users in my web application, "Super Administrator", "Administrator", "Manager" and "Worker".

The database have data from more than one company. But all different companies belong to the same group of bussiness.

So... the . "Super Administrator" will access to the data of all companies . "Administrator" will access to the data of only one company(his company) . "Manager" will access to the data of a region of only one company AND all actions must be confirmed by the "Administrator". . "Worker" will access only to the data that he inserts to the system AND all actions must be confirmed by the "Manager" of his region.

your workflow management sounds like it will need to be enforced by the business logic of your web application, as postgres roles won't have anywhere near that level granularity, nor will they support any sort of approval requirements.

most likely, the business logic will just use one postgres role which grants it access to the whole database, and all finer granularity management, including your approval rules will be in that business logic. You'd have table(s) for your workers and managers and administrators with links to their parent approvals. no users except the database administrators would have direct access to the actual database, instead, all production operations would pass through your business logic layer.

as to how you implement this approval process, well, pending change requests could go into a pending approval queue/table and generate the appropriate notifications, then when the various managers/administrators browse and make these approvals, the state is advanced until the actual changes can be committed to the real data tables.

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux