Security Levels in Venice

Eric J. Bowersox <erbo@users.sf.net> - January 26, 2001

The security level system in Venice is based on a concept of "levels" represented by small 16-bit integers. A number of different security "scope" values are defined, each with a "low band" and a "high band" range of values, defined such that, for any scope level n (n>=0), the "low band" range for scope n+1 is immediately adjacent to, but greater than, the "low band" range for scope n, and the "high band" range for scope n+1 is immediately adjacent to, but less than, the "high band" range for scope n. A table of scopes and their ranges will help visualize this:

Scope Level "Low Band" Range "High Band" Range
0 0-1999 63000-64999
1 2000-3999 61000-62999
2 4000-5999 59000-60999
3 6000-7999 57000-58999
4 8000-9999 55000-56999
5 10000-11999 53000-54999
6 12000-13999 51000-52999
7 14000-15999 49000-50999
8 16000-17999 47000-48999
9 18000-19999 45000-46999
10 20000-21999 43000-44999
11 22000-23999 41000-42999
12 24000-25999 39000-40999
13 26000-27999 37000-38999
14 28000-29999 35000-36999
15 30000-31999 33000-34999
Within each scope level, a "low band" security level refers to an ordinary user at that scope, and a "high band" security level refers to someone who exercises administrative control over that scope (and therefore all scopes greater than or "inside" it). Objects which are logically "enclosed" by other objects have a higher scope value; for instance, a conference would have a higher scope value than a community, which in turn would have a higher scope value than 0 (the "global" scope).

The values 65000-65535 are not used, except that the value 65500 is defined as "no access" (something not even the global system administrator can touch). Neither are the values 32000-32999, except that the value 32500 is defined as "unrestricted user" (lying above the low bands of all scopes but below the high bands of any of them).

Within the "global scope" (scope 0), the following values are defined:

Communities use the scope level 3; the following values are defined within that scope:

Within communities, conferences use scope 6; the following values are defined within that scope:

Each user has a "base access" level, within scope 0, that is stored in the "users" table. Each community has four defined access levels associated with it:

The "sigmember" table maps UIDs to community IDs, adding a "granted level" field that specifies a given user's access level within the community itself. (If a user already has a higher access level than the "granted" access level, as in the case of the global sysadmin, the higher level takes precedence.) Note that this level grant is within the context of that community only, and does not affect access privileges to any other community.

Each conference has seven defined access levels associated with it:

As with communities, there is a "confmember" table that maps UIDs to CONFIDs, adding a "granted level" field that grants additional access privileges. (There is also a field in the table that maps conferences into communities that allows a community to grant its users additional privileges within a conference. Normally, this field is 0, and so it "drops out" of the calculation of access levels.) Note that, if a user has no membership entry for a conference, the entry for the conference's enclosing community takes precedence, or the base level if there is no entry in any enclosing community. Also note that a grant of level for a conference or community only applies with respect to that conference or community, not any other.

Additional scopes and levels will be defined for additional objects as they are added to Venice.