|
|
Posted by Lewis Perin on 11/28/06 21:48
Michael Vilain <vilain@spamcop.net> writes:
> In article <pc7wt5ffv72.fsf@panix1.panix.com>,
> Lewis Perin <perin@panix.com> wrote:
>
> > Is anyone aware of robust software, suited to a preexisting PHP
> > application, that handles permissions for various types of requests by
> > role rather than user ID? I'm speaking of maintaining/editing the
> > permissions and deciding on the requests, but either "half" of the
> > solution might be useful.
> >
> > Sorry, but adopting a whole application framework is out of the question.
>
> If you're running php scripts in the command line rather than on a
> web-server, you might benefit from running from within RBAC (on Solaris,
> no?) or sudo (close enough to have 7 alleals in common).
>
> But if you're running from the web, your process runs under the web
> server's UID. I fail to see how RBAC might help in that situation.
I didn't mean RBAC, the Solaris concept of fine-grained superuser
privileges; I meant RBAC, the more general concept of role-based
access control, in this case applied to the user roles, operations,
and resources within a Web-based PHP application.
> What are you attempting to achieve here rather than asking about a
> specific solution?
To control different types of users' (that is, users of the application
- nothing in particular to do with users known to the OS) access to
different operations on different subsets of the data under the
application's jurisdiction.
(By being this abstract, I'm not trying to be mysterious; I'm just
trying to state the problem clearly.)
/Lew
---
Lew Perin / perin@acm.org
http://www.panix.com/~perin/babelcarp.html
Navigation:
[Reply to this message]
|