Christoph Grottolo
|
| Posted: 04/27/2002, 12:02 PM |
|
Hi
I think CC and CCS are great tools even for bigger web projects. However, I
wonder why the user/groups mgt. does not improve much in CCS.
For bigger projects there are three main drawbacks - in my eyes:
- users and groups should reside in different tables with a third one
linking the first two. This would allow to have a user in more than one
group with a single user account (one table row)
- it should be possible to nest groups (p.e. site_admins are member of
app_1_admins and of app_2_admins). With the actual solution groups can only
be nested in a hierarchical manner ('higher' groups can inherit the rights
of 'lower' groups) -but how can you handle a situation where one group 1 has
it's rights in sector A, group 2 in sector B but not in A, and group 3
should have rights in A and B?
- commonly used directory services can actually not be used directly (LDAP,
ADS, NDS...)
Now my question: Will CCS final provide more powerful user mgt. than the
actual beta? Which features will probably be implemented?
Thanks for your response.
Christoph
|
|
|
 |
Brent
|
| Posted: 04/27/2002, 9:53 PM |
|
"Christoph Grottolo" <codecharge@gordimer.net> wrote:
:Hi
:
:I think CC and CCS are great tools even for bigger web projects. However, I
:wonder why the user/groups mgt. does not improve much in CCS.
:
:For bigger projects there are three main drawbacks - in my eyes:
:
:- users and groups should reside in different tables with a third one
:linking the first two. This would allow to have a user in more than one
:group with a single user account (one table row)
:- it should be possible to nest groups (p.e. site_admins are member of
:app_1_admins and of app_2_admins). With the actual solution groups can only
:be nested in a hierarchical manner ('higher' groups can inherit the rights
:of 'lower' groups) -but how can you handle a situation where one group 1 has
:it's rights in sector A, group 2 in sector B but not in A, and group 3
:should have rights in A and B?
:- commonly used directory services can actually not be used directly (LDAP,
:ADS, NDS...)
:
:Now my question: Will CCS final provide more powerful user mgt. than the
:actual beta? Which features will probably be implemented?
:
:Thanks for your response.
:
:Christoph
Christoph,
Can you not suffix the sector onto the user's name? So the
lookup would be "Paul Jones:B". The sector id gets concatenated on by
the login script. So he can have a record for several sectors. The
alternative is to rewrite the login page and have a field for the
sector or have the 3 tables as you had described. I agree, the login
form needs to be more flexible.
Brent
|
|
|
|
CodeCharge Support
|
| Posted: 04/27/2002, 10:35 PM |
|
Hi Christoph,
It seems to me that you may be getting into "custom" requirements in the
sense that there could be dozens of methods of handling security, and every
company may utilize various methods.
Although you described a paractical setup, we have focused on simplifying
the handling of security to make sure that we cover the basic, common needs,
and don't confuse those users who don't need more than what we've done.
However, keep in mind that the security feature that we implemented is only
meant to help you, but it is not required as the only method of
authenticating pages.
For example, when you select security groups 1 and 2 for a page, CodeCharge
Studio adds this code to you page (ASP):
'Authenticate User @1-138BCBD6
CCSecurityRedirect "1;2", "AccessDenied.asp"
'End Authenticate User
You can easily replace the above line of code with your own function that
checks user's permissions any way you like.
For example:
MySecurityRedirect "A","B","AccessDenied.asp"
Then you may create your own function "MySecurityRedirect" in Common.asp,
which will handle the security the way you like.
Actually, we have used such technique in a recent project we implemented
using CC 2.0.
We have added a call to our own authentication function to Page Open Event,
in all pages that we wanted to secure.
This works really well and is very simple to implement.
Regards,
Konrad
"Christoph Grottolo" <codecharge@gordimer.net> wrote in message
news:aaesk0$qsh$1@news.codecharge.com...
> Hi
>
> I think CC and CCS are great tools even for bigger web projects. However,
I
> wonder why the user/groups mgt. does not improve much in CCS.
>
> For bigger projects there are three main drawbacks - in my eyes:
>
> - users and groups should reside in different tables with a third one
> linking the first two. This would allow to have a user in more than one
> group with a single user account (one table row)
> - it should be possible to nest groups (p.e. site_admins are member of
> app_1_admins and of app_2_admins). With the actual solution groups can
only
> be nested in a hierarchical manner ('higher' groups can inherit the rights
> of 'lower' groups) -but how can you handle a situation where one group 1
has
> it's rights in sector A, group 2 in sector B but not in A, and group 3
> should have rights in A and B?
> - commonly used directory services can actually not be used directly
(LDAP,
> ADS, NDS...)
>
> Now my question: Will CCS final provide more powerful user mgt. than the
> actual beta? Which features will probably be implemented?
>
> Thanks for your response.
>
> Christoph
>
|
|
|
|
Barry G. Sumpter
|
| Posted: 04/28/2002, 3:29 AM |
|
Hi Konrad,
Could we please put this on our list of Requested 'Tutorials' or
'Samples'?
Preferably a Tutorial.
Thanks,
Baz
"Christoph Grottolo" <codecharge@gordimer.net> wrote in message
news:aaesk0$qsh$1@news.codecharge.com...
> Hi
>
> I think CC and CCS are great tools even for bigger web projects. However,
I
> wonder why the user/groups mgt. does not improve much in CCS.
>
> For bigger projects there are three main drawbacks - in my eyes:
>
> - users and groups should reside in different tables with a third one
> linking the first two. This would allow to have a user in more than one
> group with a single user account (one table row)
> - it should be possible to nest groups (p.e. site_admins are member of
> app_1_admins and of app_2_admins). With the actual solution groups can
only
> be nested in a hierarchical manner ('higher' groups can inherit the rights
> of 'lower' groups) -but how can you handle a situation where one group 1
has
> it's rights in sector A, group 2 in sector B but not in A, and group 3
> should have rights in A and B?
> - commonly used directory services can actually not be used directly
(LDAP,
> ADS, NDS...)
>
> Now my question: Will CCS final provide more powerful user mgt. than the
> actual beta? Which features will probably be implemented?
>
> Thanks for your response.
>
> Christoph
>
|
|
|
|
Barry G. Sumpter
|
| Posted: 04/28/2002, 4:07 AM |
|
Hi all,
My fellow CC2 finatic here at my work and I were speaking about
how to handle a more robust security system.
And I believe he may have been aluding to what Konrad might be
suggesting.
Which is to modify the Common.asp file
My Co-workers way is to include more security fields.
He knows heaps more about CC2 and web scripting than I would ever want
to
and will hopefully be able to clarify his solution shortly.
I'll post here as soon as I understand the solution scenario.
baz
"Christoph Grottolo" <codecharge@gordimer.net> wrote in message
news:aaesk0$qsh$1@news.codecharge.com...
> Hi
>
> I think CC and CCS are great tools even for bigger web projects. However,
I
> wonder why the user/groups mgt. does not improve much in CCS.
>
> For bigger projects there are three main drawbacks - in my eyes:
>
> - users and groups should reside in different tables with a third one
> linking the first two. This would allow to have a user in more than one
> group with a single user account (one table row)
> - it should be possible to nest groups (p.e. site_admins are member of
> app_1_admins and of app_2_admins). With the actual solution groups can
only
> be nested in a hierarchical manner ('higher' groups can inherit the rights
> of 'lower' groups) -but how can you handle a situation where one group 1
has
> it's rights in sector A, group 2 in sector B but not in A, and group 3
> should have rights in A and B?
> - commonly used directory services can actually not be used directly
(LDAP,
> ADS, NDS...)
>
> Now my question: Will CCS final provide more powerful user mgt. than the
> actual beta? Which features will probably be implemented?
>
> Thanks for your response.
>
> Christoph
>
|
|
|
|
Christoph Grottolo
|
| Posted: 04/29/2002, 6:29 AM |
|
Hi Codecharge people
OK, I see the arising problems of an extended user mgt. like I suggested.
Nevertheless, let me make a 'compromise' suggestion:
Add 'SQL' to the security type property, so that one could could specify a
SELECT statement to retrieve the user data for the ccs application. Like
that it would be possible to store the user and groups data in multiple
tables and use it without the need of extending CCS or writing custom code.
How about that?
Hoping...
Christoph
"CodeCharge Support" <support@codecharge.com> schrieb im Newsbeitrag
news:aag1ns$p59$1@news.codecharge.com...
> Hi Christoph,
>
> It seems to me that you may be getting into "custom" requirements in the
> sense that there could be dozens of methods of handling security, and
every
> company may utilize various methods.
> Although you described a paractical setup, we have focused on simplifying
> the handling of security to make sure that we cover the basic, common
needs,
> and don't confuse those users who don't need more than what we've done.
> However, keep in mind that the security feature that we implemented is
only
> meant to help you, but it is not required as the only method of
> authenticating pages.
> For example, when you select security groups 1 and 2 for a page,
CodeCharge
> Studio adds this code to you page (ASP):
> 'Authenticate User @1-138BCBD6
> CCSecurityRedirect "1;2", "AccessDenied.asp"
> 'End Authenticate User
>
> You can easily replace the above line of code with your own function that
> checks user's permissions any way you like.
> For example:
> MySecurityRedirect "A","B","AccessDenied.asp"
> Then you may create your own function "MySecurityRedirect" in Common.asp,
> which will handle the security the way you like.
>
> Actually, we have used such technique in a recent project we implemented
> using CC 2.0.
> We have added a call to our own authentication function to Page Open
Event,
> in all pages that we wanted to secure.
> This works really well and is very simple to implement.
>
> Regards,
>
> Konrad
>
>
>
>
> "Christoph Grottolo" <codecharge@gordimer.net> wrote in message
>news:aaesk0$qsh$1@news.codecharge.com...
> > Hi
> >
> > I think CC and CCS are great tools even for bigger web projects.
However,
> I
> > wonder why the user/groups mgt. does not improve much in CCS.
> >
> > For bigger projects there are three main drawbacks - in my eyes:
> >
> > - users and groups should reside in different tables with a third one
> > linking the first two. This would allow to have a user in more than one
> > group with a single user account (one table row)
> > - it should be possible to nest groups (p.e. site_admins are member of
> > app_1_admins and of app_2_admins). With the actual solution groups can
> only
> > be nested in a hierarchical manner ('higher' groups can inherit the
rights
> > of 'lower' groups) -but how can you handle a situation where one group 1
> has
> > it's rights in sector A, group 2 in sector B but not in A, and group 3
> > should have rights in A and B?
> > - commonly used directory services can actually not be used directly
> (LDAP,
> > ADS, NDS...)
> >
> > Now my question: Will CCS final provide more powerful user mgt. than the
> > actual beta? Which features will probably be implemented?
> >
> > Thanks for your response.
> >
> > Christoph
> >
>
>
|
|
|
|
|
