venice-main-classic/doc/security-levels.html
2001-01-31 20:48:40 +00:00

180 lines
8.3 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Doc: Security Levels in Venice</TITLE>
</HEAD>
<BODY>
<H1>Security Levels in Venice</H1>
<EM>Eric J. Bowersox &lt;<A HREF="mailto:erbo@silcom.com">erbo@silcom.com</A>&gt; -
January 26, 2001</EM><P>
The security level system in Venice is based on a concept of "levels" represented by small 16-bit
integers. A number of different security "scope" values are defined, each with a "low band" and a
"high band" range of values, defined such that, for any scope level <EM>n</EM> (<EM>n</EM>&gt;=0),
the "low band" range for scope <EM>n</EM>+1 is immediately adjacent to, but greater than, the "low
band" range for scope <EM>n</EM>, and the "high band" range for scope <EM>n</EM>+1 is immediately
adjacent to, but less than, the "high band" range for scope <EM>n</EM>. A table of scopes and their
ranges will help visualize this:<P>
<TABLE BORDER=1>
<TR VALIGN=MIDDLE>
<TH ALIGN=LEFT><B>Scope Level</B></TH>
<TH ALIGN=LEFT><B>"Low Band" Range</B></TH>
<TH ALIGN=LEFT><B>"High Band" Range</B></TH>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>0</TD>
<TD ALIGN=LEFT>0-1999</TD>
<TD ALIGN=LEFT>63000-64999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>1</TD>
<TD ALIGN=LEFT>2000-3999</TD>
<TD ALIGN=LEFT>61000-62999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>2</TD>
<TD ALIGN=LEFT>4000-5999</TD>
<TD ALIGN=LEFT>59000-60999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>3</TD>
<TD ALIGN=LEFT>6000-7999</TD>
<TD ALIGN=LEFT>57000-58999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>4</TD>
<TD ALIGN=LEFT>8000-9999</TD>
<TD ALIGN=LEFT>55000-56999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>5</TD>
<TD ALIGN=LEFT>10000-11999</TD>
<TD ALIGN=LEFT>53000-54999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>6</TD>
<TD ALIGN=LEFT>12000-13999</TD>
<TD ALIGN=LEFT>51000-52999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>7</TD>
<TD ALIGN=LEFT>14000-15999</TD>
<TD ALIGN=LEFT>49000-50999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>8</TD>
<TD ALIGN=LEFT>16000-17999</TD>
<TD ALIGN=LEFT>47000-48999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>9</TD>
<TD ALIGN=LEFT>18000-19999</TD>
<TD ALIGN=LEFT>45000-46999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>10</TD>
<TD ALIGN=LEFT>20000-21999</TD>
<TD ALIGN=LEFT>43000-44999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>11</TD>
<TD ALIGN=LEFT>22000-23999</TD>
<TD ALIGN=LEFT>41000-42999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>12</TD>
<TD ALIGN=LEFT>24000-25999</TD>
<TD ALIGN=LEFT>39000-40999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>13</TD>
<TD ALIGN=LEFT>26000-27999</TD>
<TD ALIGN=LEFT>37000-38999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>14</TD>
<TD ALIGN=LEFT>28000-29999</TD>
<TD ALIGN=LEFT>35000-36999</TD>
</TR>
<TR VALIGN=MIDDLE>
<TD ALIGN=LEFT>15</TD>
<TD ALIGN=LEFT>30000-31999</TD>
<TD ALIGN=LEFT>33000-34999</TD>
</TR>
</TABLE>
Within each scope level, a "low band" security level refers to an ordinary user at that scope, and a
"high band" security level refers to someone who exercises administrative control over that scope
(and therefore all scopes greater than or "inside" it). Objects which are logically "enclosed" by
other objects have a higher scope value; for instance, a conference would have a higher scope value
than a SIG, which in turn would have a higher scope value than 0 (the "global" scope).<P>
The values 65000-65535 are not used, except that the value 65500 is defined as "no access" (something
not even the global system administrator can touch). Neither are the values 32000-32999, except that
the value 32500 is defined as "unrestricted user" (lying above the low bands of all scopes but below
the high bands of any of them).<P>
Within the "global scope" (scope 0), the following values are defined:
<UL>
<LI>100 - User that has not logged in ("Anonymous Honyak")</LI>
<LI>500 - User that has logged in, but email address is unverified</LI>
<LI>1000 - User logged in and verified (normal user level)</LI>
<LI>64000 - Assistant administrator accounts ("PFY" level)</LI>
<LI>64999 - Global system administrator ("BOFH" level)</LI>
</UL><P>
SIGs use the scope level 3; the following values are defined within that scope:
<UL>
<LI>6500 - SIG member</LI>
<LI>58000 - SIG co-host</LI>
<LI>58500 - SIG host</LI>
</UL><P>
Within SIGs, conferences use scope 6; the following values are defined within that scope:
<UL>
<LI>12500 - Conference member (for private conferences)</LI>
<LI>52500 - Conference host</LI>
</UL><P>
Each user has a "base access" level, within scope 0, that is stored in the "users" table. Each SIG
has four defined access levels associated with it:
<UL>
<LI><B>Read level</B> - minimum access level required to read the SIG's data. This is commonly 6500
(must be a member) but may be lower for special cases.</LI>
<LI><B>Write level</B> - minimum access level required to write the SIG's data. Since this refers to
the SIG itself, this is commonly 58000 (hosts/co-hosts only)</LI>
<LI><B>Create level</B> - minimum access level required to create new objects in the SIG. Typically
58000 (hosts/co-hosts only).</LI>
<LI><B>Delete level</B> - minimum access level required to delete the SIG. Typically 58500 (host
only).</LI>
</UL><P>
The "sigmember" table maps UIDs to SIGIDs, adding a "granted level" field that specifies a given user's
access level within the SIG itself. (If a user already has a higher access level than the "granted"
access level, as in the case of the global sysadmin, the higher level takes precedence.) Note that
this level grant is within the context of <EM>that SIG only,</EM> and does not affect access privileges
to any other SIG.<P>
Each conference has seven defined access levels associated with it:
<UL>
<LI><B>Read level</B> - minimum access level required to read the posts. Commonly 6500 (member of
community) for public confs, 12500 (conference member) for private confs.</LI>
<LI><B>Post level</B> - minimum access level required to post new messages. Commonly 6500 (member of
community) for public confs, 12500 (member of conference) for private confs.</LI>
<LI><B>Create level</B> - minimum access level required to create new topics. Commonly 6500 (member
of community) for public confs, 12500 (member of conference) for private confs.</LI>
<LI><B>Hide level</B> - minimum access level required to archive topics, or hide posts of which you
are not the owner. Commonly 52500 (conference hosts only).</LI>
<LI><B>Nuke level</B> - minimum access level required to scribble posts of which you are not the
owner, to nuke posts, or to delete topics. Commonly 52500 (conference hosts only).</LI>
<LI><B>Change level</B> - minimum access level required to change the conference's profile or
membership list. Commonly 52500 (conference hosts only).</LI>
<LI><B>Delete level</B> - minimum access level required to delete the conference. Commonly 58000
(hosts/cohosts of the enclosing SIG only).</LI>
</UL><P>
As with SIGs, there is a "confmember" table that maps UIDs to CONFIDs, adding a "granted level" field
that grants additional access privileges. (There is also a field in the table that maps conferences
into SIGs that allows a SIG to grant its users additional privileges within a conference. Normally,
this field is 0, and so it "drops out" of the calculation of access levels.) Note that, if a user has
no membership entry for a conference, the entry for the conference's enclosing SIG takes precedence,
or the base level if there is no entry in any enclosing SIG. Also note that a grant of level for a
conference or SIG only applies with respect to <EM>that</EM> conference or SIG, not any other.<P>
Additional scopes and levels will be defined for additional objects as they are added to Venice.<P>
</BODY>
</HTML>