For users external to PPC, the behavior of the Access Control System is defined in the following sections.
This section describes the general behavior of the access control system, regardless of whether access control is enabled, or not.
- For external users, enabling of "access control" is optional
- The access control system can be enabled or disabled at any time, including:
- Initial application installation
- Later application use
- Access control applies to all users
- If enabled, all users will be limited by their group assignments
- If disabled, all users have free access to system resources
- Initial user accounts
- ACME will ship with two initial user accounts:
- Administrator
- Unknown User
- These two initial user accounts cannot be deleted
- Administrator account
- The Administrator user is in a group also named Administrator
- Regardless of whether security is enabled, there will always be an administrative user
- The administrator of external security will have the username "Administrator"
-
The password for this account is initially "admin"
-
A password for this account is mandatory
- The password for this account can be changed only by the Administrator
- The Administrator user account cannot be deleted or edited
- The Administrator group cannot be deleted or edited
- Unknown User account
- The Unknown User user is in a group named Unknown User
- The Unknown User user cannot be deleted or edited
- The Unknown Group group cannot be deleted or edited
- The Unknown Group group has full access to all functional areas other than User and Group management
- Users cannot log in as the user Unknown User when security is enabled
- CRUDing User Accounts
- The Administrator is the only user that can add, delete, and edit user account information
- All users can view usernames, group names, group members, and group rights without restriction.
- The Administrator can log in and use ACME, and has no security restrictions whatsoever.
This section describes the specific behavior of the access control system under the condition that the security features of the system are disabled.
- The login screen is not displayed
- All users will have unlimited read/write access to all ACME functions except User and Group management
- The Administrator can only log in through the "Become Administrator" process
- Any User or Group changes will not take effect until security is enabled
This section describes the specific behavior of the access control system under the condition that the security features of the system have been enabled.
- External Access Control Levels (ACL) will be based on the same functional areas that the internal security is based on
- For example, a user may or may not have the right to edit an invoice
- External ACL will be controlled by the Administrator account
- The Administrator can:
- Add, edit and remove groups
- Add, edit and remove user accounts
- Assign functional areas to groups
- Add, edit and remove user-to-group relationships
-
If multiple users are going to log in, security must be enabled
- Note: We do not want to program for this until Phase 2E when an actual installation program will be used
This section is completely new.
-
Functional areas for Phase 2C are defined as follows:
- Job - New
- User can either create new jobs, or not
- Job - Edit
- User can either edit jobs, or they are read-only
- Job - Delete
- User can either delete jobs or not
-
Job - Clear Locks
-
Become Administrator
-
Switch Databases
-
Job - Save As
- The ability to create a job implies the ability to use "Save As..."
- The ability to delete a job implies the ability to overwrite an existing job
-
Job - List Jobs
-
Issue: Is there any need to restrict this?
- The following functional areas belong only to the Administrator
- User - New
- User - Edit
- User - Delete
- Group - New
- Group - Edit
- Group - Delete
- List User Accounts
- The following functional areas are specifically not being created. It is assumed that all users can CRUD database connections.
- Database - New
- Database - Edit
- Database - Delete
-
This list of functional areas is the same for all customers
- i.e., all customers will have "User - New", "User - Edit"
- i.e, Bobit will not have one list of functional areas, Medical World another list, etc.
- There are three possible access levels for each functional area:
- Hidden
- Generally speaking, menu options will not be visible
- View
- Generally speaking, menu options will be visible, but not enabled
- Edit
- Menu options will be enabled
- One and only one access level can be specified per functional area, per group created
- Ex: The group READ_ONLY is defined to have one access level of "VIEW" for the "Edit Job" functional area.
When access control is enabled, User Groups can be created by the Administrator to represent user roles.
- External User Groups
- Functional areas will be assigned to groups
- Groups cannot contain other groups
- i.e., there is not a recursive nesting of one group inside of another group, inside of another ...
- Example:
- One group is named "Order Entry"
- A second group is named "Book Map"
- Order Entry cannot contain Book Map
- Book Map cannot contain Order Entry
- Group name restrictions
- Group names can be up to 32 characters
- Group names can contain the following characters:
- A-Z, a-z, 0-9, _, -, and blank spaces
- The name must begin with a character or number
- ACME will ship with one default Group named something like "ALL_RIGHTS"
- This group will have read/write access for all functional areas
With access control enabled, the Administrator must create user accounts to let users log in.
- External Users
- Users must login when starting the application
- Users will be able to change their passwords
- Users can belong to only one group
- User name restrictions
- User names can be up to 20 characters
- User names can contain the following characters:
- A-Z, a-z, 0-9, _, -, and blank spaces
- The name must begin with a character or number
- A User account must always have an associated password
- Passwords
- Password restrictions
- Passwords can be up to 20 characters
- Passwords can contain any ASCII character
- Password changing
- Users can change their own passwords
- The Administrator can change any user's password
- The User database will ship with two accounts:
- Administrator
- Unknown User
- The Group database will ship with two accounts:
- Administrator
- Unknown Group
- The Customer database will ship with one or more PPC customer accounts
-
Any user can log into the system more than once simultaneously
-
This includes Administrators
-
This includes multiple logins per one machine
-
This includes multiple logins from multiple workstations
|
|