Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
dev:acldesign [2008/04/14 12:05] fran Tidy-up, reformatting |
dev:acldesign [2009/07/06 20:36] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | Main Author: [[http:// | + | Important Note: This page is DEPRECATED! |
+ | The new approach is documented here: | ||
+ | * [[security | Data Security and Privacy Design]] | ||
====== Introduction ====== | ====== Introduction ====== | ||
Line 24: | Line 26: | ||
The advanced user can directly specify the permissable actions for a user for each resource without relying on roles. | The advanced user can directly specify the permissable actions for a user for each resource without relying on roles. | ||
+ | |||
Line 62: | Line 65: | ||
cannot edit. | cannot edit. | ||
+ | [[acl|More complete Example]] | ||
Though the main resource we protect is the functions, the design allows | Though the main resource we protect is the functions, the design allows | ||
Line 68: | Line 72: | ||
- | ====== Deep into the design ====== | ||
- | This implmentation is based on an open source class phpGACL (http:// | ||
- | powerful ACL capabilities. phpGACL has a very easy to understand manual, | + | |
+ | ====== Deep into the design ====== | ||
+ | This implementation is based on the open source class phpGACL: http:// | ||
+ | phpGACL has a very easy to understand manual, | ||
GACL concept is: | GACL concept is: | ||
Line 126: | Line 131: | ||
GACL provides a very easy to use API to specify ACO, ARO, AXO. | GACL provides a very easy to use API to specify ACO, ARO, AXO. | ||
- | GACL is used by many popular projects.(de.g. dotProject, Mambo) | + | Once we verify the user identity , we just need to call the API with the username(or role), with the name of the resource and the action. It will output DENY or ALLOW. |
- | see http:// | ||
- | therefore once we verify the user identity , we just need to call the API with the username(or role), with the name of the resource and the action. | + | GACL is used by many popular projects |
- | + | * see http:// | |
- | it will output DENY or ALLOW. | + | |
+ | Main Author: [[http:// | ||