Managing Privileges & Roles
The most secure way to manage privileges for users and roles is to confine use of privilege to commands in a rights profile. The rights profile is then included in a role. The role is assigned to a user. When the user assumes the assigned role, the privileged commands are available to be run in a profile shell. The following procedures show how to assign privileges, remove privileges, and debug privilege use.
This application has a built-in permission system based on an ACL architecture, so you can set permissions on separate modules for a role (group) or for a given user.
In Eicra's application, there are three privilege levels, as well as an extra 'Administrator' privilege. The three privileges take effect per user per table, i.e. a user can have certain privileges on one table and different ones on another. By default the software has three roles: Developer, Administrator and registered members. A role encapsulates a set of permissions on various modules.
For people with less privilege, the user interface is simplified.
- VIEW: ability to read data only
- EDIT: ability to read and edit data
- MANAGE: ability to modify the database structure, i.e. create/delete tables, fields, reports etc., basically to build up and tear down databases. MANAGE also allows a user to unlock an individual record for editing if it has been locked.
In our application model, Super Admin retains unrestricted access to the application. Super Admin acts as "root", positioned at the top of the privilege hierarchy. Unlike in other applications, the "Administrator" privilege sits just under "Super Admin", which allows an admin to perform all administrative tasks with somewhat limited access.
The core idea is that "Super Admin" is reserved for the web developer's highly technical staff, who configure the system/website according to the client's requirements. The site owner or head of team can perform his/her daily administrative jobs using "Administrator" access, but the admin cannot garble the system because of the limited privilege.
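The per-user, per-table check described above can be sketched as follows; this is an added example, not Eicra's own code. It assumes the three levels are ordered VIEW < EDIT < MANAGE, that a per-user entry takes precedence over the role's entry, that anything not granted is denied, and that Super Admin is modelled as a role; all user and table names are constructed.

```python
from enum import IntEnum

class Privilege(IntEnum):
    NONE = 0
    VIEW = 1     # read data only
    EDIT = 2     # read and edit data
    MANAGE = 3   # change database structure, unlock locked records

# Constructed sample data: role grants per table (module).
ROLE_GRANTS = {
    "Administrator": {"orders": Privilege.MANAGE, "members": Privilege.EDIT},
    "Registered Member": {"orders": Privilege.VIEW},
}
# Per-user, per-table entries; assumed to take precedence over the role.
USER_GRANTS = {"alice": {"members": Privilege.VIEW}}
USER_ROLES = {
    "root": "Super Admin",
    "alice": "Administrator",
    "bob": "Registered Member",
}

def effective_privilege(user, table):
    """Resolve the privilege a user holds on one table."""
    role = USER_ROLES.get(user)
    if role is None:
        return Privilege.NONE            # unknown user: deny by default
    if role == "Super Admin":
        return Privilege.MANAGE          # unrestricted, top of the hierarchy
    user_entry = USER_GRANTS.get(user, {})
    if table in user_entry:
        return user_entry[table]         # user-specific entry wins
    return ROLE_GRANTS.get(role, {}).get(table, Privilege.NONE)

def is_allowed(user, table, needed):
    """True when the user's privilege on the table meets the needed level."""
    return effective_privilege(user, table) >= needed

def unlock_record(user, table, record):
    """Unlock a locked record; the page reserves this for MANAGE."""
    if not is_allowed(user, table, Privilege.MANAGE):
        raise PermissionError(f"{user} lacks MANAGE on {table}")
    record["locked"] = False
    return record
```

Because the check is made per table, the same account can hold MANAGE on one table and only VIEW on another, and a table with no entry at all resolves to no access.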