ultimateApp RBAC

Anmerkungen:

• System Administrator, you define ultimateAppSuite users, and assign one or more responsibilities to each user.

1. Defining Application User Profile

   Anmerkungen:

   • 1.- An application user has a username and a password. SystemAdmin Rol define an initial password.  2.- When you define an application user, you assign to the user one or more responsibilities. A responsibility provides a context in which a user operates. This context can include profile option values, navigation menus, available concurrent programs, and so on.
   1. making Credentials

      Anmerkungen:

      • You define userName and password.  Passwords are  Case Sensitivity.
   2. defining resposibilities

      Anmerkungen:

      • When you define a responsibility, you assign to it some or all of the components described below: 1.- Menu (Required) 2.- Data Group (Required) 3.- Function and Menu Exclusions (Optional)
   3. User Session Limits

      Anmerkungen:

      • Using the following profile options you can specify limits on user sessions.
      1. Session Timeout
2. Predefined responsibilities

   Anmerkungen:

   • UltimateAppSuite products are installed with predefined responsibilities.  SystemAdmin Rol is one of them.

Anmerkungen:

• Rol Based Access Control By using RBAC, administrators have more granular control in granting submission privileges to users. Role security allows you to gather related grants into a collection. 
• OVERVIEW Access control deals with the concept of who has access to what, whether the what is a system or a set of information, and the types of operations that can be executed.

1. User
2. Rol

   Anmerkungen:

   • Since the role is a predefined collection of privileges that are grouped together, privileges are easier to assign to users, as in this example:
   • To alleviate the issue of overlapping roles, many designers create a hierarchy of roles, using roles within roles to exactly match the data access requirements to user groups.
   • Roles provide a means of assigning an organized collection of permissions to users. 
   • Rather than having to assign each user his or her own set of permissions, roles can be used to greatly reduce the time and effort required to create the proper permissions for any given user.
   • In addition, if permissions need to be changed, a role can be easily modified and applied to all users to which it is assigned.
   1. Default roles
      1. Connect rol
      2. Create Session
3. Grant security steps
   1. Define roles

      Anmerkungen:

      • Define roles for all know classes of users.
   2. Define access rules

      Anmerkungen:

      • Define access rules for each role.
   3. Define restrictions

      Anmerkungen:

      • Define all row-level and column-level restrictions.
   4. Create vies

      Anmerkungen:

      • Create views for all data access.
   5. Assign views to roles

      Anmerkungen:

      • Assign the views to the roles.
   6. Assign roles to users

      Anmerkungen:

      • Assign the roles to the users.
4. Loopholes
   1. overlapping unplanned roles

      Anmerkungen:

      • Overlapping unplanned access roles. 
   2. Assigning system privileges to roles.
5. Views

   Anmerkungen:

   • Views represent an excellent mechanism for controlling access to data.  Views can limit access to only specified columns or rows within a single table or joined tables.  Views can also ease application maintenance, for example, if data is accessed via a view, the underlying table can change without requiring application changes.
6. others: Label Based Access Control

   Anmerkungen:

   • The security classification system the government uses with labels such as CONFIDENTIAL, SECRET, or TOP SECRET is perhaps the most familiar example of label-based access control. The labels are assigned to data based on the sensitivity level of the information and access to the data labeled at a certain level (such as SECRET) is restricted to those users who have been granted that level of access or higher.

1. initial pass change process

   Anmerkungen:

   • You allow a new user to sign-on to TheUltimateApp by defining an application user. An application user has a username and a password. systemAdmin  Rol define an initial password, then the first time the application user signs on, they must enter a new (secret) password.

Anmerkungen:

• During comparison, if the entered password does not match the decrypted version, then an error message is displayed. 

Anmerkungen:

• Function security s the mechanism by which user access to applications functionality is controlled.

1. Function Register

   Anmerkungen:

   • Application developers register functions when they develop forms. A system administrator administers function security by creating responsibilities that include or exclude particular functions.