Prev  Up  Next
Chapter 13. Define Your Scope Hierarchy (STEP 6)  Home  Chapter 15. Integrate And/Or Create Roles (STEP 8)

This is a pretty simple step. As a starting point, you should create data access privileges for each table and view in your application. As a minimum you should provide select and modify privileges but we recommend the full set of select, insert, update and delete privileges for each.

In order to allow for future Veil2 system privileges to be added, it is recommended that you begin numbering your privileges from 20.

You should aim to keep the range of privilege_ids that are in use as small as possible. You do not want unused ids, as this extends the range and will lead to larger bitmaps being needed and slightly reduced performance. Always allocate privilege_ids manually (do not use a sequence), and if you need to delete some privileges, try to subsequently re-use the original ids. Note that Veil2 defines a number of its own privileges. They should be left alone.

At this point you need to determine the appropriate scope for privileges on each relation (table or view). You may, at this point, discover scopes that you hadn't previously considered. You can go back to earlier steps if needed.

You may find that you are unable to determine a suitable scope for some relations. If so, leave it as null. When you test your system with an unprivileged user, you will have no access to this relation, and the scope that it needs will become apparent.

The demo sets a (very) minimal set of privileges. Look for STEP 7 in the file demo/veil2_demo--0.9.1 (beta).sql.


Prev  Up  Next
Chapter 13. Define Your Scope Hierarchy (STEP 6)  Home  Chapter 15. Integrate And/Or Create Roles (STEP 8)