Changes between Version 15 and Version 16 of Internal/Rbac/OrbitRbacDesign/ResourcesRoles


Ignore:
Timestamp:
Oct 5, 2006, 9:13:21 PM (18 years ago)
Author:
anonymous
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Internal/Rbac/OrbitRbacDesign/ResourcesRoles

    v15 v16  
    33Roles are defined by the set of methods presented by services controlling resources to which users active in a role will be granted permission to access.  The roles defined for ORBIT will apply uniformly to each ORBIT project.  There will be no custom roles for specific projects, i.e., it is a completely orthogonal design.
    44
    5 Is it not anticipated that there will be any project-specific resources.   Any future project-specific resource first would have to integrated into ORBIT as a service so that access to it as an ORBIT resource could be controlled. Second all ORBIT roles would have to be modified, perhaps trivially, to grant or not grant access to each of the service's methods.
     5Is it not anticipated that there will be any project-specific resources.   Any future project-specific resource first would have to integrated into ORBIT as a service so that access to the methods of using it as an ORBIT resource can be controlled. Second, all ORBIT roles would have to be modified, perhaps trivially, to grant or not grant access to each of the service's methods.
    66
    77The design of the ORBIT RBAC resources and roles needs to be as extenisble as possible regarding adding resources.
     
    1111A key decision is what pairs of roles will be mutually exclusive for purposes of dynamic separation of duty, i.e., no user will be allowed to be active in both roles at the same time.
    1212
    13 The list of ORBIT Resources below is adapted from the table of resources/methods and roles on page 12 of [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Specs2.pdf Swa06]].  It has been revised to focus on the ORBIT services and methods that control the ORBIT hardware and software resources [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/orbit-software-architecture-v2-1.pdf OvSS05]].  For database methods see "An introduction to MySQL permissions" [[http://www.databasejournal.com/features/mysql/article.php/10897_3311731_2 Gil04]] or Chapter 5 "Database Administration" in the ''MySQL 3.23, 4.0, 4.1 Reference Manual'' [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/konquerorh9E2Ta.1-en.pdf MyS06a]].
     13The list of ORBIT Resources below is adapted from the table of resources and roles on page 12 of [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Specs2.pdf Swa06]].  It has been revised to focus on the methods presented to users by ORBIT services that control the ORBIT hardware and software resources [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/orbit-software-architecture-v2-1.pdf OvSS05]].  For database methods see "An introduction to MySQL permissions" [[http://www.databasejournal.com/features/mysql/article.php/10897_3311731_2 Gil04]] or Chapter 5 "Database Administration" in the ''MySQL 3.23, 4.0, 4.1 Reference Manual'' [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/konquerorh9E2Ta.1-en.pdf MyS06a]].
    1414
    1515ORBIT Resources