Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Model for Field level Access Control

Model for Field level Access Control

From: Sundaram, Ramasubramanian (Cognizant) <SRamasub_at_chn.cognizant.com>
Date: Thu, 26 Feb 2004 10:48:00 +0530

HI,
  We are designing a data model for a web application which requires attribute level access control for records.
  This application manages hundreds of thousands of records of people. The users of this application work on these records by modifying the attributes of the people, adding new entries, searching for people etc. Access to these records needs to be restricted based on the following factors.
1)Userid / Role of the logged in user
2)The record he is trying to access
3)Fields of the record that he is trying to access and
4)The action he is trying to perform on the record(edit,delete or create a new record)

Has anyone come across an efficient model to represent/evaluate these restrictions? These records are stored in a database.

Any help in this regard is greatly appreciated.

Thanks,
Rams
 

Received on Feb 26 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos