AUTH in egi development for MercE MUI

  Thread dedicated to discussion on authorization in appgate being
  developed for MercE MUI (Viewable by all members of MercE team only.)

Discussion on AUTH Data structures

Authorization in appgate will be rule-based.

Schema for auth table in database:

  ruleid - non unique
  param  - param name
  value  - param value

Required params and values:

1. Param: user
   Description: Specifies the user/group name for which the rule is
                applicable.
   Value: username/groupname or .* if the rule is applicable for all.
   Comment: Strictly required

2. Param: blu
   Description: Specifies the BLU/BLU group name for which the rule
                is applicable.
   Value: opname/BLU Groupname or .* if the rule is applicable on all
          BLUs.
   Comment: Strictly required

3. Param: users
   Description: This parameter should be used when there are exceptions
                in authorization, e.g. if a rule denies a group but some
                of its users should be allowed, then the list of such
                users can be specified here.
   Value: Comma-separated list of usernames
   Comment: Optional

4. Param: day_string
   Description: A 7 char long string, where the position of a particular
                char represents the day of week, and its value says
                whether the rule is true for that day of week or
                not. e.g. YYYYYNN says that this tuple is true if the
                current day of week is between 0-4 (Monday - Friday).
   Value: 7 char long string. Valid chars Y and N only.
   Comment: If not specified the assumed value will be AUTH_DEFAULT_DOW_STRING

5. Param: time_string
   Description: A 24 char long string, where the position of a particular
                char represents the hour, and its value says whether
                the rule is true for that hour of day or not.
                e.g. NNNNNNNNNYYYYYYYYYNNNNNN shows that this tuple is
                true if the current hour of day is between 08:00 and 18:00.
   Value: 24 char long string. Valid chars Y and N only.
   Comment: If not specified the assumed value will be AUTH_DEFAULT_HOD_STRING

6. Param: tz
   Description: The local time will be converted into the local time of
                the timezone specified by tz, and the converted time is
                then used for matching the day_string and time_string rules.
   Value: 3 char code for timezone
   Comment: If not specified DEFAULT_TIMEZONE will be assumed.

7. Param: location
   Description: List of IP addresses/CIDR/hostnames for which the tuple
                should be true.
   Value: Comma-separated list of IP addresses/CIDR or hostnames
   Comment: Optional

8. Param: _action
   Description: If all the tuples are true for a particular rule then
                the decision will be specified by its value. It can be
                ALLOW or DENY.
   Value: ALLOW or DENY only.
   Comment: Strictly required

Globals:

1. AUTH_ORDER: If more than one rule matches for a particular opname,
               username, location and time, then the order in which the
               decision is to be made is specified here.
               e.g., ALLOW,DENY
2. AUTH_DEFAULT_ACTION: If no rule matches, what is to be done with
                        the request can be specified here. It can be
                        ALLOW/DENY only.
3. DEFAULT_TIMEZONE: Default timezone.
4. AUTH_DEFAULT_DOW_STRING: Default day of week string.
5. AUTH_DEFAULT_HOD_STRING: Default hour of day string.
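As an added illustration of the rule evaluation described in this thread (example code, not appgate's implementation), the following Python evaluator groups (ruleid, param, value) rows of the auth table into rules and applies the user/blu/users/day_string/time_string/location/_action params together with AUTH_ORDER and AUTH_DEFAULT_ACTION. Assumptions: the global values are constructed, user and blu values are treated as anchored regexes (so .* means all), the request timestamp is already converted to the rule's tz, and hostname entries in location are skipped since resolving them needs DNS.

```python
import ipaddress
import re
from datetime import datetime

# Constructed values for the globals named in the thread (not appgate's real config).
AUTH_ORDER = "ALLOW,DENY"            # first action in this order wins among matching rules
AUTH_DEFAULT_ACTION = "DENY"         # fail closed when no rule matches
AUTH_DEFAULT_DOW_STRING = "YYYYYNN"  # position 0 = Monday, as in datetime.weekday()
AUTH_DEFAULT_HOD_STRING = "Y" * 24

def rows_to_rules(rows):
    """Group (ruleid, param, value) rows of the auth table into one dict per ruleid."""
    rules = {}
    for ruleid, param, value in rows:
        rules.setdefault(ruleid, {})[param] = value
    return rules

def _name_matches(pattern, name, groups):
    # user/blu values are a name, a group name, or a regex such as .* (anchored here).
    return any(re.fullmatch(pattern, n) for n in [name, *groups])

def _location_matches(location, ip):
    addr = ipaddress.ip_address(ip)
    for entry in location.split(","):
        try:
            if addr in ipaddress.ip_network(entry.strip(), strict=False):
                return True
        except ValueError:
            pass  # hostnames would need a resolver; ignored in this offline example
    return False

def rule_matches(rule, req):
    """req keys: user, groups, blu, blu_groups, ip, when (ISO time already in the rule's tz)."""
    if not (_name_matches(rule["user"], req["user"], req["groups"])
            and _name_matches(rule["blu"], req["blu"], req["blu_groups"])):
        return False
    # 'users' lists the exceptions: principals this rule must not apply to (assumed reading).
    if req["user"] in [u.strip() for u in rule.get("users", "").split(",")]:
        return False
    when = datetime.fromisoformat(req["when"])
    if rule.get("day_string", AUTH_DEFAULT_DOW_STRING)[when.weekday()] != "Y":
        return False
    if rule.get("time_string", AUTH_DEFAULT_HOD_STRING)[when.hour] != "Y":
        return False
    return "location" not in rule or _location_matches(rule["location"], req["ip"])

def decide(rules, req):
    """Collect the _action of every matching rule, then resolve via AUTH_ORDER."""
    actions = {r["_action"] for r in rules.values() if rule_matches(r, req)}
    for action in AUTH_ORDER.split(","):
        if action in actions:
            return action
    return AUTH_DEFAULT_ACTION
```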
