ultimateApp RBAC

Anotações:

• System Administrator, you define ultimateAppSuite users, and assign one or more responsibilities to each user.

1. Defining Application User Profile

   Anotações:

   • 1.- An application user has a username and a password. SystemAdmin Rol define an initial password.  2.- When you define an application user, you assign to the user one or more responsibilities. A responsibility provides a context in which a user operates. This context can include profile option values, navigation menus, available concurrent programs, and so on.
   1. making Credentials

      Anotações:

      • You define userName and password.  Passwords are  Case Sensitivity.
   2. defining resposibilities

      Anotações:

      • When you define a responsibility, you assign to it some or all of the components described below: 1.- Menu (Required) 2.- Data Group (Required) 3.- Function and Menu Exclusions (Optional)
   3. User Session Limits

      Anotações:

      • Using the following profile options you can specify limits on user sessions.
      1. Session Timeout
2. Predefined responsibilities

   Anotações:

   • UltimateAppSuite products are installed with predefined responsibilities.  SystemAdmin Rol is one of them.

Anotações:

• Rol Based Access Control By using RBAC, administrators have more granular control in granting submission privileges to users. Role security allows you to gather related grants into a collection. 
• OVERVIEW Access control deals with the concept of who has access to what, whether the what is a system or a set of information, and the types of operations that can be executed.

1. User
2. Rol

   Anotações:

   • Since the role is a predefined collection of privileges that are grouped together, privileges are easier to assign to users, as in this example:
   • To alleviate the issue of overlapping roles, many designers create a hierarchy of roles, using roles within roles to exactly match the data access requirements to user groups.
   • Roles provide a means of assigning an organized collection of permissions to users. 
   • Rather than having to assign each user his or her own set of permissions, roles can be used to greatly reduce the time and effort required to create the proper permissions for any given user.
   • In addition, if permissions need to be changed, a role can be easily modified and applied to all users to which it is assigned.
   1. Default roles
      1. Connect rol
      2. Create Session
3. Grant security steps
   1. Define roles

      Anotações:

      • Define roles for all know classes of users.
   2. Define access rules

      Anotações:

      • Define access rules for each role.
   3. Define restrictions

      Anotações:

      • Define all row-level and column-level restrictions.
   4. Create vies

      Anotações:

      • Create views for all data access.
   5. Assign views to roles

      Anotações:

      • Assign the views to the roles.
   6. Assign roles to users

      Anotações:

      • Assign the roles to the users.
4. Loopholes
   1. overlapping unplanned roles

      Anotações:

      • Overlapping unplanned access roles. 
   2. Assigning system privileges to roles.
5. Views

   Anotações:

   • Views represent an excellent mechanism for controlling access to data.  Views can limit access to only specified columns or rows within a single table or joined tables.  Views can also ease application maintenance, for example, if data is accessed via a view, the underlying table can change without requiring application changes.
6. others: Label Based Access Control

   Anotações:

   • The security classification system the government uses with labels such as CONFIDENTIAL, SECRET, or TOP SECRET is perhaps the most familiar example of label-based access control. The labels are assigned to data based on the sensitivity level of the information and access to the data labeled at a certain level (such as SECRET) is restricted to those users who have been granted that level of access or higher.

1. initial pass change process

   Anotações:

   • You allow a new user to sign-on to TheUltimateApp by defining an application user. An application user has a username and a password. systemAdmin  Rol define an initial password, then the first time the application user signs on, they must enter a new (secret) password.

Anotações:

• During comparison, if the entered password does not match the decrypted version, then an error message is displayed. 

Anotações:

• Function security s the mechanism by which user access to applications functionality is controlled.

1. Function Register

   Anotações:

   • Application developers register functions when they develop forms. A system administrator administers function security by creating responsibilities that include or exclude particular functions.