
Adv Security Settings

3/27/2008 11:20:35 PM
PHPRunner General questions
bbarker author

I'm a little confused about the best way to use the Advanced Security Settings.
Here's my setup:
My database is fully password-protected. All users are assigned to various Groups.
===================

I want users to be able to SEE other people's data.
I want most Users (95%) to only be able to change their OWN data. (e.g. address, city, state)
But I also want a limited Group (of people) to be able to modify certain tables of all users. (cars, renewal dates, etc)
So, I've started by selecting the first category "1. Users can see and edit other users data."

But there seems to be greater security if I choose "3. Users can see other users data, can edit their own data only." -- and then grant ADMIN to some people.

====================
QUESTIONS:

  1. Is Category 1 secure enough?
  2. When there is an Admin group, can you restrict it sufficiently to a table or is it more powerful than that? It seems counter-intuitive to assign someone as ADMIN, and then restrict their capabilities.
  3. Can there be different levels of Admin rights? For example Write access to different tables?

Jane 3/28/2008

Bill,
I recommend you use "3. Users can see other users data, can edit their own data only." mode and add an additional admin group on the User group permissions dialog.

You can also set up different levels of permissions on the User group permissions dialog.
You can find some tips in the PHPRunner tutorials:

http://www.xlinesoft.com/phprunner/php-database.htm

or in the PHPRunner Help:

http://www.xlinesoft.com/phprunner/docs/about_phprunner.htm

bbarker author 3/28/2008

Bill,

I recommend you use "3. Users can see other users data, can edit their own data only." mode and add additional admin groupS on the User group permissions dialog.

You can also set up different levels of permissions on the User group permissions dialog.



Thanks for your response.
So, use type 3 since it provides an elementary level of restriction.
Then add additional Admin accountS to do what I want? Is that right? Plural is okay? As edited above?

I need about 4 different types of groups (Admins) that have 4 different areas in the database that they have global edit capabilities for.

Sergey Kornilov admin 3/28/2008

Bill,
There is no such thing as "better security".
It only matters if the security model matches your business logic.
You can create multiple admin groups with different permissions set. Use User Group Permissions for this purpose.