00952ef543
alias
181 lines
8.5 KiB
HTML
181 lines
8.5 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE>Doc: Security Levels in Venice</TITLE>
|
|
</HEAD>
|
|
|
|
<BODY>
|
|
<H1>Security Levels in Venice</H1>
|
|
<EM>Eric J. Bowersox <<A HREF="mailto:erbo@users.sf.net">erbo@users.sf.net</A>> -
|
|
January 26, 2001</EM><P>
|
|
|
|
The security level system in Venice is based on a concept of "levels" represented by small 16-bit
|
|
integers. A number of different security "scope" values are defined, each with a "low band" and a
|
|
"high band" range of values, defined such that, for any scope level <EM>n</EM> (<EM>n</EM>>=0),
|
|
the "low band" range for scope <EM>n</EM>+1 is immediately adjacent to, but greater than, the "low
|
|
band" range for scope <EM>n</EM>, and the "high band" range for scope <EM>n</EM>+1 is immediately
|
|
adjacent to, but less than, the "high band" range for scope <EM>n</EM>. A table of scopes and their
|
|
ranges will help visualize this:<P>
|
|
|
|
<TABLE BORDER=1>
|
|
<TR VALIGN=MIDDLE>
|
|
<TH ALIGN=LEFT><B>Scope Level</B></TH>
|
|
<TH ALIGN=LEFT><B>"Low Band" Range</B></TH>
|
|
<TH ALIGN=LEFT><B>"High Band" Range</B></TH>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>0</TD>
|
|
<TD ALIGN=LEFT>0-1999</TD>
|
|
<TD ALIGN=LEFT>63000-64999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>1</TD>
|
|
<TD ALIGN=LEFT>2000-3999</TD>
|
|
<TD ALIGN=LEFT>61000-62999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>2</TD>
|
|
<TD ALIGN=LEFT>4000-5999</TD>
|
|
<TD ALIGN=LEFT>59000-60999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>3</TD>
|
|
<TD ALIGN=LEFT>6000-7999</TD>
|
|
<TD ALIGN=LEFT>57000-58999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>4</TD>
|
|
<TD ALIGN=LEFT>8000-9999</TD>
|
|
<TD ALIGN=LEFT>55000-56999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>5</TD>
|
|
<TD ALIGN=LEFT>10000-11999</TD>
|
|
<TD ALIGN=LEFT>53000-54999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>6</TD>
|
|
<TD ALIGN=LEFT>12000-13999</TD>
|
|
<TD ALIGN=LEFT>51000-52999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>7</TD>
|
|
<TD ALIGN=LEFT>14000-15999</TD>
|
|
<TD ALIGN=LEFT>49000-50999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>8</TD>
|
|
<TD ALIGN=LEFT>16000-17999</TD>
|
|
<TD ALIGN=LEFT>47000-48999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>9</TD>
|
|
<TD ALIGN=LEFT>18000-19999</TD>
|
|
<TD ALIGN=LEFT>45000-46999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>10</TD>
|
|
<TD ALIGN=LEFT>20000-21999</TD>
|
|
<TD ALIGN=LEFT>43000-44999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>11</TD>
|
|
<TD ALIGN=LEFT>22000-23999</TD>
|
|
<TD ALIGN=LEFT>41000-42999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>12</TD>
|
|
<TD ALIGN=LEFT>24000-25999</TD>
|
|
<TD ALIGN=LEFT>39000-40999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>13</TD>
|
|
<TD ALIGN=LEFT>26000-27999</TD>
|
|
<TD ALIGN=LEFT>37000-38999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>14</TD>
|
|
<TD ALIGN=LEFT>28000-29999</TD>
|
|
<TD ALIGN=LEFT>35000-36999</TD>
|
|
</TR>
|
|
<TR VALIGN=MIDDLE>
|
|
<TD ALIGN=LEFT>15</TD>
|
|
<TD ALIGN=LEFT>30000-31999</TD>
|
|
<TD ALIGN=LEFT>33000-34999</TD>
|
|
</TR>
|
|
</TABLE>
|
|
|
|
Within each scope level, a "low band" security level refers to an ordinary user at that scope, and a
|
|
"high band" security level refers to someone who exercises administrative control over that scope
|
|
(and therefore all scopes greater than or "inside" it). Objects which are logically "enclosed" by
|
|
other objects have a higher scope value; for instance, a conference would have a higher scope value
|
|
than a community, which in turn would have a higher scope value than 0 (the "global" scope).<P>
|
|
The values 65000-65535 are not used, except that the value 65500 is defined as "no access" (something
|
|
not even the global system administrator can touch). Neither are the values 32000-32999, except that
|
|
the value 32500 is defined as "unrestricted user" (lying above the low bands of all scopes but below
|
|
the high bands of any of them).<P>
|
|
Within the "global scope" (scope 0), the following values are defined:
|
|
<UL>
|
|
<LI>100 - User that has not logged in ("Anonymous Honyak")</LI>
|
|
<LI>500 - User that has logged in, but email address is unverified</LI>
|
|
<LI>1000 - User logged in and verified (normal user level)</LI>
|
|
<LI>64000 - Assistant administrator accounts ("PFY" level)</LI>
|
|
<LI>64999 - Global system administrator ("BOFH" level)</LI>
|
|
</UL><P>
|
|
Communities use the scope level 3; the following values are defined within that scope:
|
|
<UL>
|
|
<LI>6500 - Community member</LI>
|
|
<LI>58000 - Community co-host</LI>
|
|
<LI>58500 - Community host</LI>
|
|
</UL><P>
|
|
Within communities, conferences use scope 6; the following values are defined within that scope:
|
|
<UL>
|
|
<LI>12500 - Conference member (for private conferences)</LI>
|
|
<LI>52500 - Conference host</LI>
|
|
</UL><P>
|
|
Each user has a "base access" level, within scope 0, that is stored in the "users" table. Each community
|
|
has four defined access levels associated with it:
|
|
<UL>
|
|
<LI><B>Read level</B> - minimum access level required to read the community's data. This is commonly
|
|
6500 (must be a member) but may be lower for special cases.</LI>
|
|
<LI><B>Write level</B> - minimum access level required to write the community's data. Since this
|
|
refers to the community itself, this is commonly 58000 (hosts/co-hosts only)</LI>
|
|
<LI><B>Create level</B> - minimum access level required to create new objects in the community.
|
|
Typically 58000 (hosts/co-hosts only).</LI>
|
|
<LI><B>Delete level</B> - minimum access level required to delete the community. Typically 58500 (host
|
|
only).</LI>
|
|
</UL><P>
|
|
The "sigmember" table maps UIDs to community IDs, adding a "granted level" field that specifies a given
|
|
user's access level within the community itself. (If a user already has a higher access level than the
|
|
"granted" access level, as in the case of the global sysadmin, the higher level takes precedence.) Note
|
|
that this level grant is within the context of <EM>that community only,</EM> and does not affect access
|
|
privileges to any other community.<P>
|
|
Each conference has seven defined access levels associated with it:
|
|
<UL>
|
|
<LI><B>Read level</B> - minimum access level required to read the posts. Commonly 6500 (member of
|
|
community) for public confs, 12500 (conference member) for private confs.</LI>
|
|
<LI><B>Post level</B> - minimum access level required to post new messages. Commonly 6500 (member of
|
|
community) for public confs, 12500 (member of conference) for private confs.</LI>
|
|
<LI><B>Create level</B> - minimum access level required to create new topics. Commonly 6500 (member
|
|
of community) for public confs, 12500 (member of conference) for private confs.</LI>
|
|
<LI><B>Hide level</B> - minimum access level required to archive topics, or hide posts of which you
|
|
are not the owner. Commonly 52500 (conference hosts only).</LI>
|
|
<LI><B>Nuke level</B> - minimum access level required to scribble posts of which you are not the
|
|
owner, to nuke posts, or to delete topics. Commonly 52500 (conference hosts only).</LI>
|
|
<LI><B>Change level</B> - minimum access level required to change the conference's profile or
|
|
membership list. Commonly 52500 (conference hosts only).</LI>
|
|
<LI><B>Delete level</B> - minimum access level required to delete the conference. Commonly 58000
|
|
(hosts/cohosts of the enclosing community only).</LI>
|
|
</UL><P>
|
|
As with communities, there is a "confmember" table that maps UIDs to CONFIDs, adding a "granted level"
|
|
field that grants additional access privileges. (There is also a field in the table that maps
|
|
conferences into communities that allows a community to grant its users additional privileges within a
|
|
conference. Normally, this field is 0, and so it "drops out" of the calculation of access levels.) Note
|
|
that, if a user has no membership entry for a conference, the entry for the conference's enclosing
|
|
community takes precedence, or the base level if there is no entry in any enclosing community. Also
|
|
note that a grant of level for a conference or community only applies with respect to <EM>that</EM>
|
|
conference or community, not any other.<P>
|
|
Additional scopes and levels will be defined for additional objects as they are added to Venice.<P>
|
|
</BODY>
|
|
</HTML>
|