TOPIC: user levels
user levels 2 Years, 11 Months ago
I'd like to have the users log into the database with a password of their own choosing. But when they are logged in, they will be given abilities to use specific parts of the database according to their clearance. There should be at least 4 levels of users.
1. users that can do anything in the database
2. users that can manipulate all tables with data
3. users that can manipulate data in only some of the tables
4. users that can only manipulate their own personal tables

Does anyone have any pointers and Ideas?
Re:user levels 2 Years, 11 Months ago
There's nothing built-in to Suneido to handle "permissions" at a database level. You have to build it yourself. Which is a security weakness if you're not careful. e.g. If someone can get into the IDE they can do pretty much anything.

What we use in our applications controls access by book page i.e. the equivalent of a menu option. We recently enhanced this to allow read-only permission. For an example of this look at the Accounting download.

Past that, you're on your own. How will your application be structured? That might help to know what to suggest.
Re:user levels 2 Years, 11 Months ago
Hi Andrew, but if I edit the book of the application, then I can bypass the security checks, right?

I think Suneido is not suited for applications that need strong security... An improper use of the IDE could easily damage the application itself.
Re:user levels 2 Years, 11 Months ago
Correct. Our "permission" system is only meant to limit "normal" non-technical users.

Security built-in to the exe would be better.

You might also need to encrypt the database file itself.
Re:user levels 2 Years, 9 Months ago
What if everyone that uses the database has to have 'logged on'.
every statement that does anything starts with "if(user=xxx)" or something like that. (just thinking outloud) The xxx may have to be an encrypted variable within some kind of hidden data base. I don't know...
Re:user levels 2 Years, 9 Months ago
Yes, that would work for a certain level of security, and would not be too hard to implement.

It is a complicated issue. If the database is not encrypted, you can still scrape data out of, bypassing suneido. Or someone can re-compile their own version of suneido with the security stripped out. Encrypting the database isn't hard, but doing it in a way that can't be cracked is. e.g. where do you store the encryption key and how do you prevent people from getting access to it. I am sure there are approaches for handling this kind of stuff, but I only know enough to know it is hard to get right.