Re: draft Re: [Gnumed-devel] Managing users: restricting access within G
From: James Busser
Subject: Re: draft Re: [Gnumed-devel] Managing users: restricting access within GNUmed
Date: Thu, 06 Aug 2009 11:46:02 -0700 (PDT)

-----Original Message-----
> Date: Thu Aug 06 07:14:39 PDT 2009
> From: "Karsten Hilbert" <address@hidden>
> Subject: Re: draft Re: [Gnumed-devel] Managing users: restricting access
> within GNUmed
> To: address@hidden
>
> On Wed, Aug 05, 2009 at 11:19:47AM -0700, Jim Busser wrote:
>
> > >a) enable GNUmed to create clerical and clinical users
> > > (currently all users are clinically enabled)
> >
> > create/add?
> >
> > gm-clinical
> > gm-clerical
>
> Yes. gm-doctors can be used as gm-clinical

So...

1) are you suggesting that the *database* groups be

   gm-clerical
   gm-doctors
   gm-clinical

where

- gm-clerical will obsolete gm-staff_office
- gm-doctors will obsolete gm-staff_medical
- gm-doctors will have more access rights than gm-clinical (who would
  eventually be defined as having some in-between grants)?

2) if each member of dem.staff might be able to have more than one
dem.staff_role, do we need a link table to support this one-to-many?

3) in 0.6 shall we provide

   dem.staff_role of "doctor" member of gm-doctors
   dem.staff_role of "clerical" member of gm-clerical

I would be happy to test some of the restrictions that we intend to support
using such a role. In order for this to work, will it need every schema and
table (except those we wish to restrict) to be tagged accessible by
gm_clerical, and all tagged accessible by gm-doctors? The alternative of
specifying only those database groups which *cannot* access certain schemas and
tables (if it exists) may be attractive, but maybe also not a sane policy.
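
Added example, not part of the original message and not GNUmed's own schema or bootstrap code: a PostgreSQL illustration of the allow-list grant approach raised in the last paragraph, using the two group names proposed in the thread. The demo_* schemas, tables and login roles are hypothetical; it assumes PostgreSQL 9.0 or later and a session allowed to create roles, and it rolls everything back.

```sql
-- Constructed illustration: all demo_* names are hypothetical, not GNUmed's layout.
-- Group names are the ones proposed in the thread (hyphens require quoting).
BEGIN;

CREATE ROLE "gm-clerical" NOLOGIN;
CREATE ROLE "gm-doctors"  NOLOGIN;

CREATE SCHEMA demo_dem;   -- stands in for demographic data
CREATE SCHEMA demo_clin;  -- stands in for clinical data
CREATE TABLE demo_dem.identity (pk serial PRIMARY KEY, lastnames text NOT NULL);
CREATE TABLE demo_clin.narrative (
    pk          serial PRIMARY KEY,
    fk_identity integer NOT NULL REFERENCES demo_dem.identity (pk),
    note        text NOT NULL
);

-- PostgreSQL privileges are additive and there is no DENY statement, so a
-- group is kept out of a schema only by never being granted access to it.
REVOKE ALL ON SCHEMA demo_dem, demo_clin FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA demo_dem, demo_clin FROM PUBLIC;

-- Allow-list: both groups reach demographics, only doctors reach clinical data.
GRANT USAGE ON SCHEMA demo_dem TO "gm-clerical", "gm-doctors";
GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA demo_dem
    TO "gm-clerical", "gm-doctors";
GRANT USAGE ON ALL SEQUENCES IN SCHEMA demo_dem TO "gm-clerical", "gm-doctors";

GRANT USAGE ON SCHEMA demo_clin TO "gm-doctors";
GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA demo_clin TO "gm-doctors";
GRANT USAGE ON ALL SEQUENCES IN SCHEMA demo_clin TO "gm-doctors";

-- Tables created later in demo_clin by the current role get the same grant,
-- so each new table does not have to be tagged by hand.
ALTER DEFAULT PRIVILEGES IN SCHEMA demo_clin
    GRANT SELECT, INSERT, UPDATE ON TABLES TO "gm-doctors";

-- Login accounts inherit everything from the group they belong to.
CREATE ROLE demo_clerk  LOGIN IN ROLE "gm-clerical";
CREATE ROLE demo_doctor LOGIN IN ROLE "gm-doctors";

-- Effective access per account, including what is inherited from the group.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'demo_dem.identity',   'SELECT') AS dem_read,
       has_schema_privilege(r.rolname, 'demo_clin',          'USAGE')  AS clin_usage,
       has_table_privilege(r.rolname, 'demo_clin.narrative', 'SELECT') AS clin_read
FROM pg_roles r
WHERE r.rolname IN ('demo_clerk', 'demo_doctor')
ORDER BY r.rolname;

ROLLBACK;  -- roles, schemas and grants are transactional; nothing is left behind
```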