1 / 15

Authorized Users and Roles (Fine-grained Access) SPMS Version 8

Authorized Users and Roles (Fine-grained Access) SPMS Version 8. Matt Arena, Fermilab. Fine-grained Access. Advantages to fine-grained access Access can be defined at the page level or module level. To secure an entire package enter package name plus dot percent. (e.g. regist_maint .%)

marisa
Download Presentation

Authorized Users and Roles (Fine-grained Access) SPMS Version 8

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authorized Users and Roles(Fine-grained Access)SPMS Version 8 Matt Arena, Fermilab

  2. SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  3. SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  4. SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  5. Fine-grained Access • Advantages to fine-grained access • Access can be defined at the page level or module level. • To secure an entire package enter package name plus dot percent. (e.g. regist_maint.%) • To secure select procedures within a package enter package.procedure (e.g. editor.qa, repository.html). • Administrators can create as many privileges & roles required for their needs. SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  6. Fine-grained Access • Disadvantages to fine-grained access • Administrators can create as many privileges & roles required for their needs. • To restrict a page it must be mapped to a privilege. • All pages restricted in V7 are restricted in V8. • URLs to most, if not all, restricted pages are not visible to the public. • V8 functionality is not different to V7. i.e. if the developer didn’t check for a privilege to a page, then it was open to the public. • Administrator must test changes to mappings. SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  7. Fine-grained Access • How does this affect Conference Admins? • Most smaller conferences won’t be affected. • Initial access definitions will automatically download from the repository when the conference instance is created. • V8 access definitions seeded with V7 access definitions (extracted from the SPMS hard code). • Larger conferences (PAC, EPAC, IPAC) more likely to take advantage of this new feature. • Option to fine-tune repository mappings to serve as defaults for future conferences. SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  8. Fine-grained Access • How does this affect developers? • common.header routine changed from a procedure to a function • Extracts the web page name from the Apache environment variable, • Checks for privileges required for the page, • Finds all roles for the privilege, • Finally finds all users with the role. • New common.public_header procedure for those times you don’t care about privilege (e.g. while logging in or displaying an error message). SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  9. Fine-grained Access • How does the affect the developer • New maintenance table named Applications must be “seeded” when developing new applications. • Developer should consider isolating functionality into distinct packages. Protected functionality in one package and public access in another. For example, registration vs. registration maintenance. SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  10. Main Menu SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  11. Functional Roles SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  12. Privileges SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  13. Web Pages SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  14. Authorization SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

  15. Fine-grained Access • Conclusion • Fine-grained Access provides much more flexibility. • As always, increases in flexibility causes increases in complexity. SPMS and Regional Support Center Activities in North America, TM DESY, November 2009, M. Arena

More Related