Changes between Version 14 and Version 15 of UserGuidelines/Admin/Permissions
- Timestamp:
- 01/05/15 14:55:37 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
UserGuidelines/Admin/Permissions
v14 v15 14 14 If all you need to do is to limit access to the controllers within 1 module, then this can be done whilst staying in the simple security policy. 15 15 16 You can configure options in the modules configuration in {{{ private/templates/<template>/config.py}}} or {{{models/000_config.py}}}:16 You can configure options in the modules configuration in {{{modules/templates/<template>/config.py}}} or {{{models/000_config.py}}}: 17 17 * Add an {{{access = "|x|",}}} line to the relevant module section. 18 18 * 'x' is the ID of the role that should be allowed access to the module … … 20 20 21 21 == Control access to Functions & Tables == 22 You need to go up to security level 4, or above, in your {{{ private/templates/<template>/config.py}}} or {{{models/000_config.py}}}:22 You need to go up to security level 4, or above, in your {{{modules/templates/<template>/config.py}}} or {{{models/000_config.py}}}: 23 23 {{{ 24 24 settings.security.policy = 3 # Apply Controller ACLs … … 34 34 * These permissions would normally be set via [DeveloperGuidelines/PrePopulate PrePopulate] but there is a powerful API available to add/modify roles via CLI scripts & it is also possible to do it by directly modifying the database. 35 35 36 In order for these checks to be done, then you need to set that module as {{{restricted=True}}} in your {{{ private/templates/<template>/config.py}}} or {{{models/000_config.py}}}:36 In order for these checks to be done, then you need to set that module as {{{restricted=True}}} in your {{{modules/templates/<template>/config.py}}} or {{{models/000_config.py}}}: 37 37 * [wiki:S3AAA#ControllerRestriction] 38 38 39 39 == Control access to Tables == 40 If you want to control access to the data in a table, no matter by which controller it is accessed, then you need to go up to security level 5, or above, in your {{{ private/templates/<template>/config.py}}} or {{{models/000_config.py}}}:40 If you want to control access to the data in a table, no matter by which controller it is accessed, then you need to go up to security level 5, or above, in your {{{modules/templates/<template>/config.py}}} or {{{models/000_config.py}}}: 41 41 {{{ 42 42 settings.security.policy = 5 # Apply Controller, Function and Table ACLs … … 50 50 This allows control of access by Realm - so staff of 1 Organisation can see their records of a certain type yet not those for another Organisation in the same database. 51 51 52 You need to go up to security level 6, or above, in your {{{ private/templates/<template>/config.py}}} or {{{models/000_config.py}}}:52 You need to go up to security level 6, or above, in your {{{modules/templates/<template>/config.py}}} or {{{models/000_config.py}}}: 53 53 {{{ 54 54 settings.security.policy = 6: Apply Controller, Function, Table ACLs and Entity Realm … … 76 76 77 77 e.g. 78 * https://github.com/flavour/eden/blob/master/ private/templates/IFRC/auth_roles.csv78 * https://github.com/flavour/eden/blob/master/modules/templates/IFRC/auth_roles.csv 79 79 * Explanation of these roles: https://docs.google.com/document/d/1Jg8NfFAASOeRBALNSXLkA9bg1AcPHRXhr1V3CeA0TFA/edit 80 80