Changes between Version 10 and Version 11 of Modules/Auth


Timestamp:
2010-12-13T15:35:24+01:00 (14 years ago)
Author:
Erik Roos
Comment:

--

  • Modules/Auth

    v10 v11  
    22== Requirements list ==
    33=== Authentication ===
     4 * Forms of Authentication:
     5  * Database (user-pass)
     6  * OpenID
     7  * IP-based
     8  * LDAP-based + specific flavors like RUG and UMCG login
    49 * Registration of users includes email verification
    510 * Users should be able to login and logout
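Review bot: "IP-based" in the added list of authentication forms (v11 line 7) is not specified enough to implement, because the line does not say whether a matching address alone identifies a user or whether it only restricts where one of the other forms may be used. State which it is, and which subject (a named user, a group, or the public user) an IP-authenticated session maps to, since the Authorization section grants permissions per subject. The list could also say whether the email verification on registration applies to OpenID and LDAP accounts or only to Database ones.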
     11 * Users should be able to change their passwords
    612
    713=== Authorization ===
    8  * Resources are tables, rows, columns, files (for pipelines?)
     14 * Resources are tables, rows, columns, query-sets (e.g. only the Lengths in rows where Length > 1.80m), files (for pipelines)
    915 * Subjects are users, groups, public users (unauthenticated) and exactly one administrator
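Review bot: the new "query-sets" resource on v11 line 14 overlaps with tables, rows and columns, and the requirement does not say which permission wins when they disagree, for example a subject with read on a query-set but no read on the underlying table or column. Add a precedence rule, and state whether write and ownership apply to query-sets or only read.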
    10  * Permissions include read, write, execute (for pipelines?) and ownership
    11  * Resources must have exactly one user with ownership rights
     16 * Permissions include read, write (also implies delete), execute (for pipelines) and ownership
     17 * Resources must have exactly one owner; this can either be a user or a group. The latter option is not preferable for us and needs to be set explicitly by the administrator.
    1218 * Permissions are provided for resources x subjects
    1319 * The administrator has all permissions excluding ownership on all resources
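Review bot: v11 line 17 has the administrator set a group as owner, while line 19 still says the administrator has all permissions excluding ownership; spell out that assigning ownership is an administrator action distinct from holding it, or the two lines read as contradictory. Line 17 should also say what ownership means for a group's members (every member acts as owner, or a designated one does), because line 20 routes permission requests to that owner.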
    14  * Authenticated users can request permissions for resources. Requests are sent to the user with ownership rights of the resource.
     20 * Authenticated users can request permissions for resources. Requests are sent to the user or group with ownership rights of the resource.
    1521 * Groups can be created by users who have write rights on the MolgenisGroup table. The administrator is the owner of the MolgenisGroup table and can delegate rights to other users.
    1622 * In case of an UpdateDatabase all permissions are reset (except for administrator)
    17  * The public user has reading permissions on all resources
    18  * Administrator can pass on permissions from parent tables to child tables with a toggle button
     23 * The public user has by default no reading permissions on any resource, unless explicitly set by the administrator.
     24 * Administrator can pass on permissions from parent tables to child tables and between xref-linked tables with a toggle button
    1925
    2026=== Example ===
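Review bot: the toggle on v11 line 24 now propagates permissions "between xref-linked tables" without giving a direction or a depth, so a single toggle could extend permissions to every table reachable over xrefs. State the direction (referencing table to referenced table, or both), whether propagation is transitive, and whether it can grant read to the public user, which line 23 now denies by default. The unchanged line 22 should then say what "reset" means under the new default, namely whether the public user ends up with no permissions after an UpdateDatabase.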