- You are not logged in. | Login
March 20, 2007 4:08 am
- monkeydude
- Member
How to do this?
The general idea is following: there is an intention to make an organization??™s site with lots of subdomains. The things needed:
- Each subdomain will be gained to some department of this organization.
- Each subdomain should have limited access to the centralized data base: review should be free but only a limited set of tables and entries (i.e. , for instance, editing some album within photo gallery) should be available for changing.
- The administrator of subdomain should have unlimited access to the folders and files of his subdomain.
But there is such a problem: on the one hand we rely on consciousness of each admin but nevertheless we have to limit their freedom at least by the base access in order to evade total breaking.
How to realize this idea? May I write my own API for the database and forbid execution of the embedded command (and the question is how I can do that)? Or maybe it??™s better to transmit all the commands to the handler on the leading host and validate all requests to the base there and so on?
Are there any other variants of realization? Can I read something concerning the topic somewhere and where should I search?
March 20, 2007 4:10 am
- senjor_itc
- Member
Re: How to do this?
You are to write API of the site which is going to delimit access. So what is the problem?
March 20, 2007 4:14 am
- monkeydude
- Member
Re: How to do this?
Could you tell me more detailed about it? I have never faced such a task but I??™m sure that some solutions are already invented by someone.
March 20, 2007 4:17 am
- monkeydude
- Member
Re: How to do this?
I??™ve described the problem. What is approximate mechanism of API work? What about links to other realizations?
March 20, 2007 4:19 am
- Mr.SMart
- Member
Re: How to do this?
Moderators of this site have got different rights. One of them has got rights for one unit, another one ??“ for a group of units, someone else ??“ for all of them.
It??™s not clear why are you speaking about access to the base.
March 20, 2007 4:25 am
- stp2233
- Member
Re: How to do this?
You haven??™t described your problem. You??™ve just described your task.
approximate mechanism of API work
That??™s what embarrasses me.
function name(module, user) {
return yes if we accept
return no if we decline
}
links to other realizations
Not here. So what is your problem?
March 20, 2007 4:33 am
- bandlist12
- Member
Re: How to do this?
Each subdomain should have limited access to the centralized data base
Even if the base centralization is compulsory (you have meant unified DB_SERVER, haven??™t you?) but it??™s not obligatory to create unified for all base (DB_NAME) and the same DB_USER and so on.
Or maybe you have something like cheap hosting with permission for one DB_NAME only? Then you shouldn??™t talk nonsense about ???organization??™s site??™.
March 20, 2007 4:39 am
- Stre@m
- Member
Re: How to do this?
Each subdomain should have limited access to the centralized data base: review should be free but only a limited set of tables and entries (i.e., for instance, editing some album within photo gallery) should be available for changing.
Are there any other variants of realization? Can I read something concerning the topic somewhere and where should I search?
This question isn??™t related to the thread as far as division of powers within data base has nothing to do with PHP.
And the task itself is set up incorrectly ??“ the developers??™ group shouldn??™t have any troubles with access rights to the data base of their site. But this is a question of management not of PHP.
If you need to create a central depository and limit sub-units??™ rights, you are to make a service and an interface of the resource access. But this is suitable for organizations with affiliate net of the national scale.
If your task is only ???to evade total breaking??™, you are to hire professionals and make backup.
