Role-based Access Control (RBAC)

Is anyone aware of robust software, suited to a preexisting PHP
application, that handles permissions for various types of requests by
role rather than user ID? I'm speaking of maintaining/editing the
permissions and deciding on the requests, but either "half" of the
solution might be useful.

Sorry, but adopting a whole application framework is out of the question.

/Lew
---
Lew Perin / pe***@acm.org
http://www.panix.com/~perin/babelcarp.html
Nov 28 '06 #1
Michael Vilain <vi****@spamcop.net> writes:
> In article <pc*************@panix1.panix.com>,
> Lewis Perin <pe***@panix.com> wrote:
>
> > Is anyone aware of robust software, suited to a preexisting PHP
> > application, that handles permissions for various types of requests by
> > role rather than user ID? I'm speaking of maintaining/editing the
> > permissions and deciding on the requests, but either "half" of the
> > solution might be useful.
> >
> > Sorry, but adopting a whole application framework is out of the question.
>
> If you're running php scripts in the command line rather than on a
> web-server, you might benefit from running from within RBAC (on Solaris,
> no?) or sudo (close enough to have 7 alleles in common).
>
> But if you're running from the web, your process runs under the web
> server's UID. I fail to see how RBAC might help in that situation.

I didn't mean RBAC, the Solaris concept of fine-grained superuser
privileges; I meant RBAC, the more general concept of role-based
access control, in this case applied to the user roles, operations,
and resources within a Web-based PHP application.

> What are you attempting to achieve here rather than asking about a
> specific solution?

To control different types of users' (that is, users of the application
- nothing in particular to do with users known to the OS) access to
different operations on different subsets of the data under the
application's jurisdiction.

(By being this abstract, I'm not trying to be mysterious; I'm just
trying to state the problem clearly.)

/Lew
---
Lew Perin / pe***@acm.org
http://www.panix.com/~perin/babelcarp.html
Nov 28 '06 #2
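
The decision half of the role-based check described in the post above, as an added example that is not part of the original thread: a deny-by-default lookup from application user to roles to operations on named data subsets. The role, operation and subset names and the sample requests are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed policy: role => operation => data subsets it may touch ('*' = all).
// Role, operation and subset names are hypothetical.
const POLICY = [
    'clerk_east' => ['order.read' => ['orders.east'], 'order.update' => ['orders.east']],
    'auditor'    => ['order.read' => ['*']],
    'manager'    => ['order.read' => ['*'], 'order.update' => ['*'], 'order.delete' => ['*']],
];

// Constructed role assignments, keyed by application user (not OS user).
const USER_ROLES = [
    'alice' => ['clerk_east'],
    'bob'   => ['auditor'],
    'carol' => ['clerk_east', 'auditor'],
];

/**
 * Decide one request. Deny by default: an unknown user, role, operation
 * or data subset falls through to false.
 */
function isAllowed(string $user, string $operation, string $subset): bool
{
    foreach (USER_ROLES[$user] ?? [] as $role) {
        $subsets = POLICY[$role][$operation] ?? [];
        if (in_array('*', $subsets, true) || in_array($subset, $subsets, true)) {
            return true;
        }
    }
    return false;
}

// Constructed requests: [user, operation, data subset].
$requests = [
    ['alice',   'order.update', 'orders.east'],
    ['alice',   'order.update', 'orders.west'],
    ['bob',     'order.update', 'orders.east'],
    ['carol',   'order.read',   'orders.west'],
    ['mallory', 'order.read',   'orders.east'],
];

foreach ($requests as [$user, $operation, $subset]) {
    $verdict = isAllowed($user, $operation, $subset) ? 'allow' : 'deny';
    printf("%-8s %-13s %-12s %s\n", $user, $operation, $subset, $verdict);
}
```

Because the check takes only a user, an operation and a subset label, it can be called from existing request handlers without adopting a framework; the two constant arrays stand in for whatever storage the permission-editing half would maintain.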
hmm
In article <vi**************************@comcast.dca.giganews.com>,
vi****@spamcop.net says...
>
> To control different types of users' (that is, users of the application
> - nothing in particular to do with users known to the OS) access to
> different operations on different subsets of the data under the
> application's jurisdiction.

group privileges ?
Nov 29 '06 #3

If you can somehow export the privileges (and roles, if existing)
structure to a text file, you can use Eurekify's software to analyze
it, engineer/re-engineer the roles, cleanup, check for compliance, etc.
Take a look at http://www.eurekify.com

hm*@eh.com wrote:
> In article <vi**************************@comcast.dca.giganews.com>,
> vi****@spamcop.net says...
> >
> > To control different types of users' (that is, users of the application
> > - nothing in particular to do with users known to the OS) access to
> > different operations on different subsets of the data under the
> > application's jurisdiction.
>
> group privileges ?
Nov 29 '06 #4
hm*@eh.com writes:
> In article <vi**************************@comcast.dca.giganews.com>,
> vi****@spamcop.net says...
> >
> > To control different types of users' (that is, users of the application
> > - nothing in particular to do with users known to the OS) access to
> > different operations on different subsets of the data under the
> > application's jurisdiction.

Actually, that was me.

> group privileges ?

You might call it that, but please see above.

/Lew
---
Lew Perin / pe***@acm.org
http://www.panix.com/~perin/babelcarp.html
Nov 29 '06 #5
Lewis Perin <pe***@panix.com> writes:
> Is anyone aware of robust software, suited to a preexisting PHP
> application, that handles permissions for various types of requests by
> role rather than user ID? I'm speaking of maintaining/editing the
> permissions and deciding on the requests, but either "half" of the
> solution might be useful.
>
> Sorry, but adopting a whole application framework is out of the question.

Cringing about following up my own post, I wonder if anyone out there
can talk from experience about using LiveUser?

/Lew
---
Lew Perin / pe***@acm.org
http://www.panix.com/~perin/babelcarp.html
Nov 29 '06 #6
