Access Control with a multi database application


Problem description

I have a mainDB.nsf that contains all of the XPages design, agents, script libraries etc. From this database the user selects an application. There may be one or more application databases. Each of the application databases contains the actual data for the application, plus the views of that data that are accessed in custom controls in the mainDB. So when a person authenticates against the mainDB they get all their security rights and assume that there is a role in the mainDB called [Finance]. Now there are no real data documents in the mainDB but in the PurchaseReq.nsf there are, and anyone with the [Finance] role gets Editor rights to all documents in the PurchaseReq.nsf. So I have defined the role in both the mainDB.nsf and PurchaseReq.nsf. However, I do not want the person with the role [Finance] to have Editor rights in mainDB.nsf but only in PurchaseReq.nsf. If I assign the role to a person in the MainDB.nsf with, say, Reader rights and duplicate the ACL entry in the PurchaseReq.nsf with Editor rights, and the user opens a document in PurchaseReq.nsf, will they have Reader or Editor rights? Secondly, do I even have to have the role [Finance] in the mainDB.nsf?

I read somewhere about this sort of setup with a design database and multiple data repositories but I can't find that reference.

Recommended answer

Access is determined on a per database level - and not across databases.

So if you assign a role to a person in MainDB.nsf with Reader rights and assign a role with the same name with Editor rights in another database, then the person will have reader rights to MainDB.nsf and editor rights to the other database.

The role is not necessary in MainDB unless used for access control to documents/design elements in that database.
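
An added example (not part of the original question or answer): a helper, written in ES5 style so it can sit in server-side JavaScript in mainDB.nsf, that asks each database for the user's level and roles through `queryAccess` and `queryAccessRoles` rather than assuming the mainDB.nsf ACL applies. The stub session, the user name and the ACL contents are constructed so that the block runs outside Domino.

```javascript
// Domino ACL levels, matching the lotus.domino.ACL LEVEL_* constants.
var LEVEL = { NOACCESS: 0, DEPOSITOR: 1, READER: 2, AUTHOR: 3, EDITOR: 4, DESIGNER: 5, MANAGER: 6 };

// Ask ONE database what the user may do there. Nothing carries over from
// the database the user came in through.
function accessIn(session, server, path, userName) {
  var db = session.getDatabase(server, path);
  if (!db || !db.isOpen()) {
    return { path: path, level: LEVEL.NOACCESS, hasRole: function () { return false; } };
  }
  var roles = db.queryAccessRoles(userName); // java.util.Vector on a real server
  return {
    path: path,
    level: db.queryAccess(userName),
    hasRole: function (role) { return roles.contains(role); }
  };
}

// True only if this database grants Editor or higher AND the named role.
function canEditIn(session, server, path, userName, role) {
  var a = accessIn(session, server, path, userName);
  return a.level >= LEVEL.EDITOR && a.hasRole(role);
}

// Constructed stand-in for the Domino session, so the example runs offline.
function stubSession(acls) {
  return {
    getDatabase: function (server, path) {
      var acl = acls[path];
      if (!acl) { return null; }
      return {
        isOpen: function () { return true; },
        queryAccess: function (n) { return acl[n] ? acl[n].level : LEVEL.NOACCESS; },
        queryAccessRoles: function (n) {
          var r = acl[n] ? acl[n].roles : [];
          return { contains: function (x) { return r.indexOf(x) >= 0; } };
        }
      };
    }
  };
}

// Constructed sample ACLs: Reader without the role in mainDB.nsf,
// Editor with [Finance] in PurchaseReq.nsf. USER is a made-up name.
var USER = "CN=Pat Example/O=Acme";
var acls = { "mainDB.nsf": {}, "PurchaseReq.nsf": {} };
acls["mainDB.nsf"][USER] = { level: LEVEL.READER, roles: [] };
acls["PurchaseReq.nsf"][USER] = { level: LEVEL.EDITOR, roles: ["[Finance]"] };
var demo = stubSession(acls);
```

On a real server, pass the XPages `session` global in place of `demo`; a database that cannot be opened is treated as No Access.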
