Hi Friendly DBMan Users and Pros-
I am attempting to implement a database which requires a slightly unusual authorization scheme. It goes like this:
1. Only ADMINS can add new records.
2. LOW-LEVEL users can only VIEW their OWN record. They cannot make any changes to the database and cannot see anything else in the database but their own record. Up to here I can easily configure DBMan.
3. HIGH-LEVEL users should be able to VIEW and MODIFY only PARTICULAR records specified by the ADMINS. The ADMINS may specify one or more records that can be viewed and modified by one particular HIGH-LEVEL user.
I am beginning to realize that this scheme probably requires the addition of a second "userid" type field that will contain the userids of the HIGH-LEVEL users authorized to view and modify that record. How though do I maintain the $auth_view_own=1 function in DBMan while implementing this?
Does anyone have any suggestions or better yet a tried-and-true fix? I am not sure if my suggested approach is the best to try.
Thanks,
Lauren Stegman
I am attempting to implement a database which requires a slightly unusual authorization scheme. It goes like this:
1. Only ADMINS can add new records.
2. LOW-LEVEL users can only VIEW their OWN record. They cannot make any changes to the database and cannot see anything else in the database but their own record. Up to here I can easily configure DBMan.
3. HIGH-LEVEL users should be able to VIEW and MODIFY only PARTICULAR records specified by the ADMINS. The ADMINS may specify one or more records that can be viewed and modified by one particular HIGH-LEVEL user.
I am beginning to realize that this scheme probably requires the addition of a second "userid" type field that will contain the userids of the HIGH-LEVEL users authorized to view and modify that record. How though do I maintain the $auth_view_own=1 function in DBMan while implementing this?
Does anyone have any suggestions or better yet a tried-and-true fix? I am not sure if my suggested approach is the best to try.
Thanks,
Lauren Stegman
Complex Authorization Schemes