From: ao@morpork.shnet.org (A. Ott)
Subject: RC separation of duty
Date: 29 Oct 1999 11:55:00 +0200
Next Article (by Date): Re: RC separation of duty "Paul D. Robertson"
Previous Article (by Date): Re: patch-2.2.13 ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: RC separation of duty "Paul D. Robertson"
Hi all!

I am currently working on a separation of duty system for RC administration, since I also think it necessary.

We already had:

- old admin_type: Role Admin (may read and set everything) and System Admin (may read everything). This is kept, works as before and keeps things simple for beginners.

Now we also have:

- New role vector admin_roles: Which roles a user in this role may administrate. Several role settings are further restricted by other rights, e.g. role_comp and type_comp_xx.

- New role vector assign_roles: Which roles a user in this role may read and assign to users and processes (process only, if MODIFY_ATTRIBUTE is allowed), and which compatible roles she may assign to those roles (if assign_roles contains all roles involved). Further restriction: the old user/process role must also be contained in your assign_roles vector. This way, a partial role assigner must always stay within a limited set of roles, and cannot affect users and processes in other roles.

- These new vectors may only be changed by old style Role Admins. If you set them at the beginning, and then remove all Role Admins, this separation is forever fixed (well, unless booting Maint kernel).

- New type access rights:
  - ADMIN: Set/delete name, set need_overwrite for FD types
  - ASSIGN: Assign this type to objects. Sure you also need MODIFY_ATTRIBUTE on the target.
  - ACCESS_CONTROL: Change normal (old) access rights to this type for your administrated roles
  - SUPERVISOR: Change these new special rights to this type for your administrated roles.

- If no role has SUPERVISOR right to a type, the separation is forever fixed (again unless booting Maint kernel).

Old roles and types are automatically updated on the first boot of the new version. On update, Role Admins simply get everything new fully allowed. System Admins get assign right for their own role, which means they are allowed to read their own role settings, but not to change anything.

So you could reboot with new version, reset old admin_type to none for all roles and thus get your current administration settings fixed.

Comments?

Amon.

--
## CrossPoint v3.11 ##
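The rules in the post above, modelled as an added example (constructed here for illustration; this is not RSBAC code and the role names, type names and the `RCPolicy` class are invented). It shows the two separation mechanisms the mail describes: a partial assigner whose assign_roles vector limits both the old and the new role of a user, and the per-type ACCESS_CONTROL/SUPERVISOR rights that must also be combined with admin_roles; the first-boot update and the "forever fixed" conditions are included so the final "reset admin_type to none" step can be checked.

```python
"""Constructed model of the RC separation-of-duty rules described in the mail.

Not RSBAC source code: role, type and user names below are invented, and the
checks only mirror the mail's description of admin_type, admin_roles,
assign_roles and the ADMIN/ASSIGN/ACCESS_CONTROL/SUPERVISOR type rights.
"""
from dataclasses import dataclass, field
from enum import Enum, Flag, auto


class AdminType(Enum):
    NONE = auto()
    SYSTEM_ADMIN = auto()  # old style: may read everything
    ROLE_ADMIN = auto()    # old style: may read and set everything


class TypeRight(Flag):
    ADMIN = auto()           # set/delete name, set need_overwrite (FD types)
    ASSIGN = auto()          # assign this type to objects
    ACCESS_CONTROL = auto()  # change normal access rights for administrated roles
    SUPERVISOR = auto()      # change these special rights for administrated roles


ALL_RIGHTS = TypeRight.ADMIN | TypeRight.ASSIGN | TypeRight.ACCESS_CONTROL | TypeRight.SUPERVISOR


@dataclass
class Role:
    name: str
    admin_type: AdminType = AdminType.NONE
    admin_roles: set = field(default_factory=set)    # roles this role may administrate
    assign_roles: set = field(default_factory=set)   # roles this role may read/assign
    type_rights: dict = field(default_factory=dict)  # type name -> TypeRight flags


class RCPolicy:
    def __init__(self, roles):
        self.roles = {r.name: r for r in roles}

    def is_role_admin(self, actor):
        return self.roles[actor].admin_type is AdminType.ROLE_ADMIN

    def right_on(self, actor, type_name, right):
        return bool(self.roles[actor].type_rights.get(type_name, TypeRight(0)) & right)

    def may_read_role(self, actor, target):
        a = self.roles[actor]
        return a.admin_type is not AdminType.NONE or target in a.assign_roles

    def may_assign_role(self, actor, old_role, new_role):
        # Partial assigners must stay inside assign_roles: the old role of the
        # user/process counts as "involved" just like the new one.
        if self.is_role_admin(actor):
            return True
        v = self.roles[actor].assign_roles
        return old_role in v and new_role in v

    def may_set_compatibility(self, actor, role_a, role_b):
        # Same rule for role_comp: all roles involved must be in assign_roles.
        return self.is_role_admin(actor) or {role_a, role_b} <= self.roles[actor].assign_roles

    def may_change_vectors(self, actor):
        # admin_roles / assign_roles may only be changed by old style Role Admins.
        return self.is_role_admin(actor)

    def may_assign_type(self, actor, type_name, modify_attribute_on_target):
        # ASSIGN on the type is never enough on its own: MODIFY_ATTRIBUTE on the
        # target object is still required.
        if not modify_attribute_on_target:
            return False
        return self.is_role_admin(actor) or self.right_on(actor, type_name, TypeRight.ASSIGN)

    def may_change_rights(self, actor, type_name, target_role, special):
        # ACCESS_CONTROL covers the normal rights, SUPERVISOR the new special
        # ones; either way target_role must be in the actor's admin_roles.
        if self.is_role_admin(actor):
            return True
        needed = TypeRight.SUPERVISOR if special else TypeRight.ACCESS_CONTROL
        return target_role in self.roles[actor].admin_roles and self.right_on(actor, type_name, needed)

    def vectors_fixed(self):
        # No Role Admin left: the vectors can only change after a Maint boot.
        return not any(r.admin_type is AdminType.ROLE_ADMIN for r in self.roles.values())

    def type_rights_fixed(self, type_name):
        # Nobody may change the special rights of this type any more.
        return self.vectors_fixed() and not any(
            self.right_on(r.name, type_name, TypeRight.SUPERVISOR) for r in self.roles.values())


def migrate_legacy(policy, type_names):
    """First-boot update as described: Role Admins get everything, System
    Admins only the assign right for (i.e. may read) their own role."""
    everyone = set(policy.roles)
    for r in policy.roles.values():
        if r.admin_type is AdminType.ROLE_ADMIN:
            r.admin_roles, r.assign_roles = set(everyone), set(everyone)
            r.type_rights = {t: ALL_RIGHTS for t in type_names}
        elif r.admin_type is AdminType.SYSTEM_ADMIN:
            r.assign_roles = {r.name}
    return policy


def demo_policy():
    """Constructed sample: one legacy Role Admin, one legacy System Admin and a
    partial 'hr_admin' that may only juggle the two HR roles."""
    return migrate_legacy(RCPolicy([
        Role("role_admin", AdminType.ROLE_ADMIN),
        Role("sys_admin", AdminType.SYSTEM_ADMIN),
        Role("hr_admin", admin_roles={"hr_clerk"}, assign_roles={"hr_clerk", "hr_manager"},
             type_rights={"hr_data_t": TypeRight.ASSIGN | TypeRight.ACCESS_CONTROL}),
        Role("hr_clerk"), Role("hr_manager"), Role("dev"),
    ]), ["hr_data_t", "general_t"])


if __name__ == "__main__":
    p = demo_policy()
    print("hr_admin clerk->manager:", p.may_assign_role("hr_admin", "hr_clerk", "hr_manager"))
    print("hr_admin dev->clerk:", p.may_assign_role("hr_admin", "dev", "hr_clerk"))
    p.roles["role_admin"].admin_type = AdminType.NONE  # the "reset admin_type to none" step
    print("vectors fixed:", p.vectors_fixed(), "hr_data_t fixed:", p.type_rights_fixed("hr_data_t"))
```

Running the script shows the point of the "old role must also be in assign_roles" restriction: hr_admin can move a clerk to manager but cannot pull a user out of the dev role even into a role it does administrate. The last lines also show that dropping admin_type alone only freezes the vectors; in this model the former Role Admin still holds SUPERVISOR on every type from the migration, so the per-type rights are only fixed once that right is removed as well.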