[Koha-devel] Intranet Security

Wed Apr 23 02:36:20 CEST 2003

Far better (if possible) to look at ACLs. And don't copy the NT way of
doing it. The system I admired had individual (named) permissions, group
permissions, and default. If it hit a named permission, that was it.
That was what you got. Otherwise it added up all your group permissions.
And if it couldn't find any group permissions, then you got the default.

I would probably have four permissions per object, namely add, delete,
read and write (need rw to edit, ad to move). And I don't know how many
objects - presumably branches, books, and loans to name the obvious.

The other thing this system had was the super-ACL, which was set outside
of the standard ACL setup, and over-rode it. I regularly did "super user
= no rights" on the live disk pack while I was testing something
dangerous :-)

Cheers,
Wol

-----Original Message-----
From: Dave Thorne [mailto:mmmbena1 at hotmail.com] 
Sent: 19 April 2003 03:14
To: koha-devel at lists.sourceforge.net
Subject: Re: [Koha-devel] Intranet Security

I must say that although the library I am speaking on behalf of would
not need more than one layer of security abstraction, for larger systems
I believe it would be necessary. In order to make Koha as 'marketable'
as possible (in the least capitalistic way) such a permissions based
user environment would be greatly preferred, giving more configurability
(and therefore leaving Koha available to a wider potential user base)
which can only be a good thing. As long as the extra work required to
manage such permissions is kept to an absolute minimum so as not to
impinge on the experience of smaller libraries we should be on to a
winner. How about permission groups? Then you could set up 'desk clerk'
and 'librarian' as two seperate groups (or user types) with the
associated permissions set to the groups, and simply add users to or
remove them from these groups. The act of setting every possible
permission for a new user is then made a thousand fold easier.

Although I admit I have not yet looked at the user administration
section in detail, I can't imagine it would take much to implement. Any
comments?

Dave

----Original message from jferraro follows---- 
I have been thinking about the current intranet security setup whereby
any staff member can access any part of the intranet. Is this the policy
in the libraries that are currently using Koha? It may be important to
some of the larger systems (where more than a dozen people are using the
intranet) to increase the levels of password protection. My concern is
less of a control issues and more of an "oops I just deleted our main
branch" issue. Even adding one more layer by seperating the admin from
the normal staff functions might be useful. Even better, maybe users
could be added and given "permission" to access parts of the intranet.
What does everyone think? 
Joshua 

  _____  

Want your email in a hurry? Get  <http://g.msn.com/8HMLENUK/2740>
Hotmail direct to your mobile
------------------------------------------------------- This sf.net
email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf _______________________________________________
Koha-devel mailing list Koha-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/koha-devel 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/koha-devel/attachments/20030423/f73573be/attachment-0002.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: InterScan_Disclaimer.txt
URL: </pipermail/koha-devel/attachments/20030423/f73573be/attachment-0002.txt>