The security level system in Venice is based on a concept of "levels" represented by small 16-bit integers. A number of different security "scope" values are defined, each with a "low band" and a "high band" range of values, defined such that, for any scope level n (n>=0), the "low band" range for scope n+1 is immediately adjacent to, but greater than, the "low band" range for scope n, and the "high band" range for scope n+1 is immediately adjacent to, but less than, the "high band" range for scope n. A table of scopes and their ranges will help visualize this:
| Scope Level | "Low Band" Range | "High Band" Range |
|---|---|---|
| 0 | 0-1999 | 63000-64999 |
| 1 | 2000-3999 | 61000-62999 |
| 2 | 4000-5999 | 59000-60999 |
| 3 | 6000-7999 | 57000-58999 |
| 4 | 8000-9999 | 55000-56999 |
| 5 | 10000-11999 | 53000-54999 |
| 6 | 12000-13999 | 51000-52999 |
| 7 | 14000-15999 | 49000-50999 |
| 8 | 16000-17999 | 47000-48999 |
| 9 | 18000-19999 | 45000-46999 |
| 10 | 20000-21999 | 43000-44999 |
| 11 | 22000-23999 | 41000-42999 |
| 12 | 24000-25999 | 39000-40999 |
| 13 | 26000-27999 | 37000-38999 |
| 14 | 28000-29999 | 35000-36999 |
| 15 | 30000-31999 | 33000-34999 |
The values 65000-65535 are not used, except that the value 65500 is defined as "no access" (a level that nobody, not even the global system administrator, can satisfy). The values 32000-32999 are likewise unused, except that the value 32500 is defined as "unrestricted user" (lying above the low bands of all scopes but below the high bands of all of them).
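The band layout above is regular enough to compute rather than look up: each band is 2000 values wide, low bands grow upward from 0 and high bands grow downward from 64999. The following Python is an added example (not code from the Venice project) that derives the bands from that rule, classifies an arbitrary 16-bit level, and checks the adjacency property stated in the text; the function names are my own.

```python
# Added example (not Venice project code): scope-band arithmetic for the
# 16-bit security level scheme described in the text.

BAND_WIDTH = 2000          # each band covers 2000 consecutive values
MAX_SCOPE = 15             # scopes 0..15 fit between 0 and 64999
NO_ACCESS = 65500          # "no access": nobody, not even the sysadmin, reaches it
UNRESTRICTED_USER = 32500  # above every low band, below every high band


def low_band(scope):
    """Inclusive (lo, hi) of the 'low band' for a scope; bands grow upward from 0."""
    if not 0 <= scope <= MAX_SCOPE:
        raise ValueError("scope out of range")
    lo = scope * BAND_WIDTH
    return lo, lo + BAND_WIDTH - 1


def high_band(scope):
    """Inclusive (lo, hi) of the 'high band' for a scope; bands grow downward from 64999."""
    if not 0 <= scope <= MAX_SCOPE:
        raise ValueError("scope out of range")
    hi = 64999 - scope * BAND_WIDTH
    return hi - BAND_WIDTH + 1, hi


def classify(level):
    """Map a level to (scope, "low"|"high"), to ("special", name) for the two
    reserved values, or to (None, "unused") for the gaps 32000-32999 and
    65000-65535."""
    if not 0 <= level <= 0xFFFF:
        raise ValueError("level must be a 16-bit value")
    if level == NO_ACCESS:
        return "special", "no_access"
    if level == UNRESTRICTED_USER:
        return "special", "unrestricted_user"
    if level < 32000:
        return level // BAND_WIDTH, "low"
    if 33000 <= level < 65000:
        return (64999 - level) // BAND_WIDTH, "high"
    return None, "unused"


def check_invariants():
    """Confirm the adjacency rule from the text for every scope, and that the
    two reserved values sit where the text places them."""
    for n in range(MAX_SCOPE):
        assert low_band(n + 1)[0] == low_band(n)[1] + 1    # low bands touch, increasing
        assert high_band(n + 1)[1] == high_band(n)[0] - 1  # high bands touch, decreasing
    assert UNRESTRICTED_USER > low_band(MAX_SCOPE)[1]       # above all low bands
    assert UNRESTRICTED_USER < high_band(MAX_SCOPE)[0]      # below all high bands
    assert NO_ACCESS > high_band(0)[1]                      # beyond even scope 0's high band
    return True


if __name__ == "__main__":
    for scope in range(MAX_SCOPE + 1):
        print(scope, low_band(scope), high_band(scope))
    check_invariants()
```

Because the comparison is plain integer ordering, the placement of the reserved values is what gives them their meaning: 32500 outranks every low-band grant in every scope, and 65500 outranks the highest assignable value (64999), so a requirement of 65500 can never be met.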
Within the "global scope" (scope 0), the following values are defined:
SIGs use the scope level 3; the following values are defined within that scope:
Within SIGs, conferences use scope 6; the following values are defined within that scope:
Each user has a "base access" level, within scope 0, that is stored in the "users" table. Each SIG has four defined access levels associated with it:
The "sigmember" table maps UIDs to SIGIDs, adding a "granted level" field that specifies a given user's access level within the SIG itself. (If a user already has a higher access level than the "granted" access level, as in the case of the global sysadmin, the higher level takes precedence.) Note that this level grant is within the context of that SIG only, and does not affect access privileges to any other SIG.
Each conference has seven defined access levels associated with it:
As with SIGs, there is a "confmember" table that maps UIDs to CONFIDs, adding a "granted level" field that grants additional access privileges. (There is also a field in the table that maps conferences into SIGs that allows a SIG to grant its users additional privileges within a conference. Normally, this field is 0, and so it "drops out" of the calculation of access levels.) Note that, if a user has no membership entry for a conference, the entry for the conference's enclosing SIG takes precedence, or the base level if there is no entry in any enclosing SIG. Also note that a grant of level for a conference or SIG only applies with respect to that conference or SIG, not any other.
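The resolution rules for SIGs and conferences above can be followed with a small model. The Python below is an added example, not Venice's own code: dicts stand in for the "users", "sigmember" and "confmember" tables, a hypothetical `CONF_SIG` dict stands in for the table that maps conferences into SIGs with its SIG-wide grant field, and the sample UIDs, SIGIDs, CONFIDs and level values are constructed. Taking the maximum of the applicable values is my reading of "the higher level takes precedence"; treating the SIG-wide conference grant as applying only to members of that SIG is likewise an assumption.

```python
# Added example (not Venice project code): resolving a user's effective
# access level within a SIG and within a conference, per the text.

NO_ACCESS = 65500  # nobody can satisfy a requirement of this level

# Constructed sample data standing in for the database tables.
USERS = {                    # uid -> base access level (scope 0)
    "sysadmin": 64000,       # scope 0 high band
    "alice": 32500,          # "unrestricted user"
    "bob": 1000,             # scope 0 low band
    "carol": 500,            # scope 0 low band
}
SIGMEMBER = {                # (uid, sigid) -> granted level within that SIG (scope 3)
    ("bob", "sig1"): 7000,
    ("carol", "sig2"): 6500,
}
CONFMEMBER = {               # (uid, confid) -> granted level within that conference (scope 6)
    ("bob", "conf1"): 13000,
}
CONF_SIG = {                 # confid -> (enclosing sigid, SIG-wide grant in this conference; normally 0)
    "conf1": ("sig1", 0),
    "conf2": ("sig1", 0),
    "conf3": ("sig2", 12500),
}


def effective_sig_level(uid, sigid):
    """Base level, raised by the sigmember grant if one exists; a higher
    base (e.g. the global sysadmin) takes precedence over the grant."""
    base = USERS[uid]
    granted = SIGMEMBER.get((uid, sigid), 0)
    return max(base, granted)


def effective_conf_level(uid, confid):
    """Conference grant if the user has a confmember entry; otherwise the
    enclosing SIG's grant if the user is a SIG member; otherwise just the
    base level.  A SIG-wide conference grant (normally 0) is added for SIG
    members and drops out of the maximum when it is 0."""
    sigid, sig_wide_grant = CONF_SIG[confid]
    base = USERS[uid]
    is_sig_member = (uid, sigid) in SIGMEMBER
    if (uid, confid) in CONFMEMBER:
        granted = CONFMEMBER[(uid, confid)]
    elif is_sig_member:
        granted = SIGMEMBER[(uid, sigid)]
    else:
        granted = 0
    sig_wide = sig_wide_grant if is_sig_member else 0
    return max(base, granted, sig_wide)


def has_access(level, required):
    """Plain integer comparison; NO_ACCESS exceeds every assignable level."""
    return level >= required


if __name__ == "__main__":
    for uid in USERS:
        print(uid, "sig1:", effective_sig_level(uid, "sig1"),
              "conf1:", effective_conf_level(uid, "conf1"),
              "conf3:", effective_conf_level(uid, "conf3"))
```

Note that a grant is keyed by the specific SIG or conference: bob's 7000 in sig1 does nothing for him in conf3, which belongs to sig2, so he falls back to his base level there, while carol gets sig2's SIG-wide grant of 12500 in conf3 without any confmember entry of her own.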
Additional scopes and levels will be defined for additional objects as they are added to Venice.