RE: Model for Field level Access Control

["Paul John Summers" <paul_john_summers () hotmail com>]

There's an open source "entitlement framework" called OSAccess from 
OpenSymphony that might get you started.

http://www.opensymphony.com/osaccess/


From: "Sundaram, Ramasubramanian (Cognizant)" <SRamasub () chn cognizant com>
To: <webappsec () securityfocus com>
Subject: Model for Field level Access Control
Date: Thu, 26 Feb 2004 10:48:00 +0530

HI,
  We are designing a data model for a web application which requires 
attribute level access control for records.
  This application manages hundreds of thousands of records of people. The 
users of this application work on these records by modifying the attributes 
of the people, adding new entries, searching for people etc. Access to these 
records needs to be restricted based on the following factors.
1)Userid / Role of the logged in user
2)The record he is trying to access
3)Fields of the record that he is trying to access and
4)The action he is trying to perform on the record(edit,delete or create a 
new record)

Has anyone come across an efficient model to represent/evaluate these 
restrictions? These records are stored in a database.

Any help in this regard is greatly appreciated.

Thanks,
Rams

<< InterScan_Disclaimer.txt >>

_________________________________________________________________
Click, drag and drop. My MSN is the simple way to design your homepage. 
http://click.atdmt.com/AVE/go/onm00200364ave/direct/01/