Changes between Version 14 and Version 15 of UserGuidelines/Admin/Permissions


Ignore:
Timestamp:
01/05/15 14:55:37 (10 years ago)
Author:
Fran Boon
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • UserGuidelines/Admin/Permissions

    v14 v15  
    1414If all you need to do is to limit access to the controllers within 1 module, then this can be done whilst staying in the simple security policy.
    1515
    16 You can configure options in the modules configuration in {{{private/templates/<template>/config.py}}} or {{{models/000_config.py}}}:
     16You can configure options in the modules configuration in {{{modules/templates/<template>/config.py}}} or {{{models/000_config.py}}}:
    1717* Add an {{{access = "|x|",}}} line to the relevant module section.
    1818 * 'x' is the ID of the role that should be allowed access to the module
     
    2020
    2121== Control access to Functions & Tables ==
    22 You need to go up to security level 4, or above, in your {{{private/templates/<template>/config.py}}} or {{{models/000_config.py}}}:
     22You need to go up to security level 4, or above, in your {{{modules/templates/<template>/config.py}}} or {{{models/000_config.py}}}:
    2323{{{
    2424settings.security.policy = 3 # Apply Controller ACLs
     
    3434* These permissions would normally be set via [DeveloperGuidelines/PrePopulate PrePopulate] but there is a powerful API available to add/modify roles via CLI scripts & it is also possible to do it by directly modifying the database.
    3535
    36 In order for these checks to be done, then you need to set that module as {{{restricted=True}}} in your {{{private/templates/<template>/config.py}}} or {{{models/000_config.py}}}:
     36In order for these checks to be done, then you need to set that module as {{{restricted=True}}} in your {{{modules/templates/<template>/config.py}}} or {{{models/000_config.py}}}:
    3737* [wiki:S3AAA#ControllerRestriction]
    3838
    3939== Control access to Tables ==
    40 If you want to control access to the data in a table, no matter by which controller it is accessed, then you need to go up to security level 5, or above, in your {{{private/templates/<template>/config.py}}} or {{{models/000_config.py}}}:
     40If you want to control access to the data in a table, no matter by which controller it is accessed, then you need to go up to security level 5, or above, in your {{{modules/templates/<template>/config.py}}} or {{{models/000_config.py}}}:
    4141{{{
    4242settings.security.policy = 5 # Apply Controller, Function and Table ACLs
     
    5050This allows control of access by Realm - so staff of 1 Organisation can see their records of a certain type yet not those for another Organisation in the same database.
    5151
    52 You need to go up to security level 6, or above, in your {{{private/templates/<template>/config.py}}} or {{{models/000_config.py}}}:
     52You need to go up to security level 6, or above, in your {{{modules/templates/<template>/config.py}}} or {{{models/000_config.py}}}:
    5353{{{
    5454settings.security.policy = 6: Apply Controller, Function, Table ACLs and Entity Realm
     
    7676
    7777e.g.
    78 * https://github.com/flavour/eden/blob/master/private/templates/IFRC/auth_roles.csv
     78* https://github.com/flavour/eden/blob/master/modules/templates/IFRC/auth_roles.csv
    7979* Explanation of these roles: https://docs.google.com/document/d/1Jg8NfFAASOeRBALNSXLkA9bg1AcPHRXhr1V3CeA0TFA/edit
    8080