Differences

This shows you the differences between two versions of the page.

dev:security [2008/05/01 06:47]
fran + Implementation section
dev:security [2009/07/06 20:36] (current)
Line 41: Line 41:
| Not Sensitive | All | | Not Sensitive | All |
| Unclassified | MainOps, OrgHead, Trusted | | Unclassified | MainOps, OrgHead, Trusted |
 +
 +
===== Implementation ===== ===== Implementation =====
Line 46: Line 48:
__Implemented in version 0.6__ __Implemented in version 0.6__
-Minimal requirement to implment ACL in a new module is to include a proper [[secpolicyxml|sec_policy.xml]].+Minimal requirement to implement ACL in a new module is to include a proper [[secpolicyxml|sec_policy.xml]].
If it also requires new tables, data classification levels or roles, then they need to add them to "mysql-config.sql". e.g.: If it also requires new tables, data classification levels or roles, then they need to add them to "mysql-config.sql". e.g.:
Line 54: Line 56:
The necessary headers (lib_acl.inc, lib_auth.inc) are already included via the front controller, so don't need including again. The necessary headers (lib_acl.inc, lib_auth.inc) are already included via the front controller, so don't need including again.
-These functions need to be used to check ACL:+These functions used to check ACL should be left to the framework & not used directly by modules:
  shn_acl_get_state()   shn_acl_get_state()
  shn_acl_check_perms_action()   shn_acl_check_perms_action()
Line 74: Line 76:
 +===== New action wise security draft ===== 
 +  * [[new_acl | New Architecture]]

Navigation
  • Navigate