[[TOC]]

= S3 Authentication, Authorization and Accounting =

'''Authentication''' is the act of establishing or confirming someone's identity.[[BR]]
'''Authorization''' is the concept of allowing access to resources only to those permitted to use them.[[BR]]
'''Accounting''' refers to the tracking of user actions - an audit trail.

== Overview ==

AAA functions for S3 are implemented in the {{{modules/s3/s3aaa.py}}} module. This module extends the web2py Auth class as AuthS3 (Authentication), and defines additional classes for role management, access control and audit.

||'''Component'''||'''Location'''||'''Function'''||
||AuthS3||modules/s3/s3aaa.py||Authentication, Login||
||S3Permission||modules/s3/s3aaa.py||Authorization of Access, ACLs||
||S3Audit||modules/s3/s3aaa.py||Data access logging, audit trail||
||S3RoleManager||modules/s3/s3aaa.py||RESTful method to manage roles and ACLs||
||Admin controllers||controllers/admin.py||User Management, role management||

== Roles ==

== ACLs ==

=== Record Ownership ===

=== Controller Restriction ===

=== Resource Restriction ===

== Implementation of Access Control ==

=== s3_has_permission ===

=== s3_accessible_query ===

== Data Access Logging (Audit) ==

== Authentication ==

=== Interactive Login ===

=== HTTP Simple Authentication ===

----

[wiki:DeveloperGuidelinesS3Framework]