Differences

This shows you the differences between two versions of the page.

dev:security [2008/04/23 19:42]
fran Link to secopilcy.xml, reorder
dev:security [2009/07/06 20:36] (current)
Line 1: Line 1:
===== Data Security and Privacy Design ===== ===== Data Security and Privacy Design =====
- 
-__Implemented in version 0.6__ 
- 
-  * [[secpolicyxml|sec_policy.xml]] 
- 
===== Introduction ===== ===== Introduction =====
Line 46: Line 41:
| Not Sensitive | All | | Not Sensitive | All |
| Unclassified | MainOps, OrgHead, Trusted | | Unclassified | MainOps, OrgHead, Trusted |
 +
 +
 +
 +===== Implementation =====
 +
 +__Implemented in version 0.6__
 +
 +Minimal requirement to implement ACL in a new module is to include a proper [[secpolicyxml|sec_policy.xml]].
 +If it also requires new tables, data classification levels or roles, then they need to add them to "mysql-config.sql". e.g.:
 +
 +  INSERT INTO sys_data_classifications VALUES ( 4, 'National Security Sensitive');
 +  INSERT INTO sys_user_groups VALUES ( 2, 'Registered User');
 +
 +The necessary headers (lib_acl.inc, lib_auth.inc) are already included via the front controller, so don't need including again.
 +
 +These functions used to check ACL should be left to the framework & not used directly by modules:
 +  shn_acl_get_state()
 +  shn_acl_check_perms_action()
 +
 +  * [[stream_security|Stream Security]]
 +  * [[http://www.cs.trincoll.edu/~gcapalbo/sahana_vm_acl/|VM ACL (proposed)]] which includes a useful description of the main Sahana ACL
===== NGO Security References ===== ===== NGO Security References =====
Line 60: Line 76:
 +===== New action wise security draft ===== 
 +  * [[new_acl | New Architecture]]

Navigation
  • Navigate