cherryblossom5 edited this page Sep 2, 2016 · 28 revisions

DBWiki already has a built-in authentication system with user roles. The org.dbwiki.data.security package provides fine-grained security policies.

Access control model and controlled operations

Once you have entered the DBWiki page, you can start using it without logging in to the system. However, there are 3 levels of granularity for permissions:

  • Authentication mode: set by the three flags "Never login (NO AUTHENTICATION), Login for updates (WRITE-ONLY AUTHENTICATION), or Always login (FULL AUTHENTICATION)" on the "Edit Database Wiki" page, which determine whether a user needs to log in for write access or for both read and write access.

  • Collection-level authorization: sets whether a user is allowed or not allowed to read, insert, delete or update data for a whole collection, on the "Manage access authority" page.

  • Entry-level authorization: sets whether a user is allowed or not allowed to read, insert, delete or update data for a specific entry of a collection.

Managing users

The Manage Users page, which you can access through Users on the top menu, shows each user's User ID, Login Name and Full Name, and whether they are an Administrator.

Changing permissions

There are 4 types of permissions: Read Permission, Insert Permission, Delete Permission and Update Permission. Only administrators can manage permissions for other users with limited access. In addition, it is possible to change permissions for each entry of the database. On the Manage Authorization page you can set permissions for all users, and by going to Manage by Entries you can set permissions for each entry in the database. Below are examples of changing permissions in each authentication mode.

For setting a collection's authentication policy to "Login for updates":

  1. Go to the main Database Wiki page
  2. Click on the "Edit" menu for the database whose authentication policy you want to change
  3. On the resulting page, click the radio button for "Login for updates (WRITE-ONLY AUTHENTICATION)"
  4. Below, next to Authorization by users, click the link "Manage access authority"
  5. On the resulting "Manage Authorization" page, click the radio button under Update Permission for the user you want to set.

For setting a collections authentication policy to

For setting a collections authentication policy to

Policies' disagreement

Suppose Alice can edit countries, but the entry for a specific country, e.g. Argentina, says Alice cannot edit. In that case the collection-level authorization takes precedence over the entry-level authorization. In other words, Alice is allowed to edit Argentina if the permission is set to 'yes' for her at collection level, even if it is 'no' at entry level for Argentina.
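
The three permission levels and the precedence rule above, modelled as an added Python example; it is not DBWiki's own code and does not use the org.dbwiki.data.security API. The function names, the sample users and entries, and the two behaviours marked as assumptions in the comments are constructed for illustration; the audit helper lists entry-level 'no' settings that have no effect because a collection-level 'yes' overrides them.

```python
from enum import Enum

class AuthMode(Enum):
    NO_AUTHENTICATION = "Never login"
    WRITE_ONLY_AUTHENTICATION = "Login for updates"
    FULL_AUTHENTICATION = "Always login"

WRITE_OPS = {"insert", "delete", "update"}
ALL_OPS = WRITE_OPS | {"read"}

# Constructed sample policy: {user: {op: allowed}} and {(user, entry): {op: allowed}}
COLLECTION = {"alice": {"read": True, "update": True}, "bob": {"read": True}}
ENTRIES = {("alice", "Argentina"): {"update": False},
           ("bob", "Argentina"): {"update": True}}

def needs_login(mode, op):
    """Authentication mode: does this operation require a logged-in user?"""
    if mode is AuthMode.NO_AUTHENTICATION:
        return False
    if mode is AuthMode.WRITE_ONLY_AUTHENTICATION:
        return op in WRITE_OPS
    return True  # FULL_AUTHENTICATION: reads and writes

def is_allowed(mode, op, user, entry, collection=COLLECTION, entries=ENTRIES):
    """Decide one request; user is None for a visitor who has not logged in."""
    if op not in ALL_OPS:
        raise ValueError(f"unknown operation: {op}")
    if not needs_login(mode, op):
        return True  # assumption: no per-user check when login is not required
    if user is None:
        return False
    if collection.get(user, {}).get(op, False):
        return True  # collection-level 'yes' wins over an entry-level 'no'
    # Assumption: without a collection-level grant, the entry-level setting decides.
    return entries.get((user, entry), {}).get(op, False)

def ineffective_entry_denials(collection=COLLECTION, entries=ENTRIES):
    """Audit helper: entry-level 'no' settings that a collection-level 'yes' overrides."""
    return sorted((user, entry, op)
                  for (user, entry), perms in entries.items()
                  for op, allowed in perms.items()
                  if not allowed and collection.get(user, {}).get(op, False))

if __name__ == "__main__":
    mode = AuthMode.WRITE_ONLY_AUTHENTICATION
    print(is_allowed(mode, "update", "alice", "Argentina"))
    print(ineffective_entry_denials())
```

To keep a user from editing one entry under this rule, the collection-level permission has to be 'no' for that user, since the entry-level 'no' alone does not block the edit.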
