• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

Security System Design

 
Ranch Hand
Posts: 82
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi friends,
Currently we are onto a project which has a security module.
Here we have to manage access to various resources relating to different users, roles, groups and of course the resouces (objects).
The groups can contain users as well as groups. And same for roles. The objects may grant access to roles and/or groups.
We are looking into a number of different ideas for implementation of the logic. One of them includes having tree structure.
I would appreciate if i could get some more valuable ideas.
thanks in advance,
regards,
raghav
 
Sheriff
Posts: 7001
6
Eclipse IDE Python C++ Debian Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You've done a fine job of describing the data structure of your proposed system, but you haven't told us what operations you will need to do on it. Choosing a representation for data usually depends more on how you want to use the data than what it contains.
Do you need it to be set up for fast queries or fast updates? What sort of questions will the system routinely be asked? Will access to things typically be specified in terms of by a single role, several different roles, named group of roles, several named groups of roles, a single user, several named users, a named group of users, a mixture of users names and roles etc.?
 
Raghvendra Sharma
Ranch Hand
Posts: 82
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Frank,
Thanks for your response.
Let me try to explain some of the typical operations that we may need. The simplest one can be change in the user priveleges or change in the object access level. Other than that there can be requirements for restructuring of roles or groups ( as i mentioned that there could be a case where groups/roles are themselves composed of other groups/roles ).
The access level speficied could be either a group of groups and/or roles or users only. So we have to try to make it more and more generic.
Of course we want to make it optimized for faster queries, since the number of queries fired shall be much greater than the change in the access levels etc. But at the same time we can not allow to degrade the upgrade performence too much since the activity shall be there, if not very frequent. We actually need to view it in terms creation of user groups /users, which shall be quite frequent.
regards
raghav..
 
If you are using a rototiller, you are doing it wrong. Even on this tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic