WebApp Sec mailing list archives

RE: Model for Field level Access Control


From: "Lanham, M. MAJ EECS" <Michael.Lanham () usma edu>
Date: Thu, 26 Feb 2004 20:49:36 -0500

You can try phpgacl if you're using PHP.

Michael J. Lanham
Major, Infantry
U.S. Military Academy Instructor
D/EECS 845-938-5562 DSN: 688-xxxx, Thayer 1121



-----Original Message-----
From: Sundaram, Ramasubramanian (Cognizant) 
[mailto:SRamasub () chn cognizant com] 
Sent: Thursday, February 26, 2004 12:18 AM
To: webappsec () securityfocus com
Subject: Model for Field level Access Control


Hi,
  We are designing a data model for a web application which 
requires attribute level access control for records. 
  This application manages hundreds of thousands of records 
of people. The users of this application work on these 
records by modifying the attributes of the people, adding new 
entries, searching for people etc. Access to these records 
needs to be restricted based on the following factors. 
1) Userid / Role of the logged in user
2) The record he is trying to access
3) Fields of the record that he is trying to access and
4) The action he is trying to perform on the record (edit, delete or create a new record)

Has anyone come across an efficient model to 
represent/evaluate these restrictions? These records are 
stored in a database.

Any help in this regard is greatly appreciated.

Thanks,
Rams 
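
One way to model the four factors listed in the question (user/role, record, field, action) as a rule table evaluated in the database, added here as an illustration; it is not code from either poster or from phpgacl. The table names, the `region` column used as record scope, the `read` action and the deny-overrides rule are assumptions, and the sample rows are constructed.

```python
import sqlite3

SCHEMA = """
CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER, region TEXT);
CREATE TABLE user_role (userid TEXT, role TEXT);
-- One rule per (role, record scope, field, action); '*' is a wildcard.
CREATE TABLE field_acl (
    role   TEXT NOT NULL,
    region TEXT NOT NULL,   -- which records the rule covers (assumed scope)
    field  TEXT NOT NULL,   -- which attribute of the record
    action TEXT NOT NULL CHECK (action IN ('read','edit','delete','create')),
    allow  INTEGER NOT NULL CHECK (allow IN (0,1))
);
"""
# Constructed sample data.
ROWS = """
INSERT INTO person VALUES (1,'A. Kumar',50000,'south'), (2,'B. Lee',60000,'north');
INSERT INTO user_role VALUES ('clerk1','clerk'), ('hr1','hr');
INSERT INTO field_acl VALUES
  ('clerk','*','name','read',1),
  ('clerk','south','name','edit',1),
  ('hr','*','*','read',1),
  ('hr','*','*','edit',1),
  ('hr','north','salary','edit',0);
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + ROWS)
    return db

def is_allowed(db, userid, record_id, field, action):
    """Deny by default; a matching deny row overrides any allow row."""
    row = db.execute(
        """SELECT MIN(a.allow) FROM field_acl a
           JOIN user_role u ON u.role = a.role
           JOIN person p ON p.id = ?
           WHERE u.userid = ? AND a.action = ?
             AND a.field IN (?, '*') AND a.region IN (p.region, '*')""",
        (record_id, userid, action, field)).fetchone()
    return row[0] == 1   # MIN is NULL (None) when no rule or record matches

def readable_fields(db, userid, record_id, fields=("name", "salary", "region")):
    """Columns to project for this user, so denied fields never leave the data layer."""
    return [f for f in fields if is_allowed(db, userid, record_id, f, "read")]
```

Indexing `field_acl` on `(role, action)` keeps the lookup cheap on large record sets, since the rule table grows with roles and fields rather than with the number of people.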
 


