Re: access control

[Hans-Albert Schneider]

>>>>> "MZ" == Milan Zamazal <address@hidden> writes:

>>>>> "PN" == Peter Novodvorsky <address@hidden> writes:

    PN> Is it enough? ;-)

    MZ> Pardon my ignorance. :-) Generally, I'd be curious
    MZ> whether your problems come from a real experience or you
    MZ> just think only on a theoretical level.

I cannot speak for Peter, of course.  However, we are currently
using GNATS internally.  Opening it to our customers would
require some method to restrict access such that customers are
unable to see the reports submitted by other customers, because
the reports sometimes include real-life data of the customer.  Of
course, each customer should be able to see all their own
reports.  (So the granularity of the "confidential" flag is too
coarse.)

As our customers do not have accounts on our machines, and there
is no query-pr mail alias they could use, it is OK for us if this
is implemented in gnatsd.

A first idea that comes into my mind is to have a mapping of
usernames
- to submitter id(s) the user is allowed to use in submitting
  reports, and
- to the submitter ids whose reports this user may see (both in
  listings and in full).  [BTW, this would interfere with the
  "merging duplicates" feature discussed recently on the list.]

The mapping could be done by two optional fields to gnatsd.access.

This feature could be combined with the "confidential" flag:
Reports marked confidential are only visible to the same
submitter id, others are visible to everyone.

Of course, the developers must be able to see all reports, as
should those of us who do consulting for the customers.


Hans-Albert

PS: If somebody wants to discuss this with me: I will not be able
to access this mailbox from June 14 to June 24, inclusive.

-- 
Hans-Albert Schneider           <address@hidden>
Siemens AG                      phone:  (+49) 89 636 45445
Corporate Technology            fax:    (+49) 89 636 42284
Munich, Germany
 -- To get my public PGP key, send me a mail with subject "send key" --