Developer Reference > User Control Access Rights
Draft 3 (Final candidate)
Date: 17 Jan. 2001
Preface
This document is a draft for AOS UCAR implementation. It is going to be one of the API standard, where apply for all existing and future AOS and DA development.
A simple user privilege has been defined during the development on the storage system. And we felt that it is necessary to add more group and access control to AOS, for existing modules and future modules.
Future modules will have to build around with UCAR in mind, allowing the admin to drill down to the module access table, assigning property for each element of the module. For example, the admin may set property for file and folders of the storage system to block certain group of user access. The admin may create topics in the meeting section, set access right on each topic to allow only a predefined group of users to gain access.
AOS implemented both the “group” and “level” concept (refer as privileges, “priv” as follow) where:
Group = case insensitive, max 64 chars. min 1 chars, spaces allow, and full ASCII support - except:
Eg: “Admin” and “User” on the system default.
VO account default to have the following groups:
Admin may add more.
Level = integer starting from 1. There are no up bound limit. AOS reserved 0 and all negative values.
Suggested UCAR checking flow
Comparison table of UCAR:
Level 0 is reserved for AOS controller, where carry the highest access priv to all objects.
Some objects priv may be set by the system admin only (group “Admin”, level 1), like the Menu item or user priv.
However, many of the object priv can be changed by users with the following rules:
LiangTyan Fui
Primary Draft 1, 6 Aug. 2000
Draft 2, 9 Aug. 2000
Final Candidate: 17 Jan. 2001