Ticket #764 (closed Enhancement: fixed)

Opened 6 years ago

Last modified 6 years ago

Access Control: introduce "System" role

Reported by: jri Owned by: jri
Priority: Major Milestone: Release 4.6
Component: DeepaMehta Standard Distribution Version: 4.5
Keywords: Cc: dgf, Malte, JuergeN
Complexity: 3 Area:
Module: deepamehta-accesscontrol

Description

The "System" itself must be seen as an authority in its own. The System needs unrestricted access to the database, in order e.g. to convert the entire DB content in the course of a system upgrade.

The System authority should be implicitly in effect for all code that is invoked by the system itself -- as opposed to be invoked by a user. That applies mainly to the code executed when the system starts up. In particular all migrations must run under the System authority.

Technically the System authority could be realized straight-forward. No dedicated user account or "role" must be introduced. Instead all code that is executed outside a request scope can be regarded to run as "System". In contrast code running in request scope is always invoked by a (possibly anonymous) user.

Change History

comment:1 Changed 6 years ago by jri

  • Status changed from new to accepted

comment:2 Changed 6 years ago by Jörg Richter <jri@…>

In ec8f36bcc66d6f2205bebafc028682ef486cf4e2/deepamehta:

Access Control: add "System" authority (#764).

Code that is invoked by the system itself -- as opposed to be invoked by a user -- runs under the System authority. The System authority has unrestricted access to the database. The System authority is in effect for all code that executes outside a request scope, that comprises the migrations in particular.

See #764.

comment:3 Changed 6 years ago by jri

  • Status changed from accepted to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.