mydbapp security model reference


The security model hierarchy is as follows: app -> user (recursive) -> permission

users

A user is defined with a user (username) and pass (password).
A user with a blank password is disabled except for the public user but such a user can be an ancestor of other users.

A user can inherit the landing, debug and permission properties of another user.

By default, an application has a * user and a public user which inherits from it.
The * user should be used as the root of all the users, however other roots are also allowed, in which case, permissions need to be assigned to them.

An anonymous user is logged in as public.

permissions

The permission type refers to the different modules of mydbapp ie. menu, page, file, view, form, etc.

The permission name refers to the name of the module.
A permission name * refers to all the modules of the specified type.
Permission precedence is from most specific to least specific.

A permission policy can be either allow or deny.

When a permission is not found for the user, the hierarcy is traversed upwards till the root user (ie. a user which does not inherit)
The default policy is deny when no matching permission is found.


Matthew