Excuse, but I can't manage to understand the VB permission scheme ... 
Better, I can't understand wich access/deny permission wins against each other.
My job is about security matters and each software product I evaulated follows almost the same schema: most particular and 'granular' permission overrides the most generic ones.
(all but WinNT security schema, in which each denial of resource overrides the access to the same resource, even more specific...)
Well. Simply I would deny a writing access to a forum to a particular usergroup, so I defined the the specific forum permission with custom settings, but even EACH member of that group can write into that forum, as specified in the category, I guess...
Besides, isn't there any way to check all the specific permissions but trying logging with a 'dummy' user and changing - time to time - his profile to test the security authorizations ? Isn't there any 'simulator' to check those auth behaviors ?
Thank you very much.
Hope this is clear enough.
P.S.: I'm sure all my cookies are reset before logging with the dummy testing user.
Bye

Better, I can't understand wich access/deny permission wins against each other.
My job is about security matters and each software product I evaulated follows almost the same schema: most particular and 'granular' permission overrides the most generic ones.
(all but WinNT security schema, in which each denial of resource overrides the access to the same resource, even more specific...)
Well. Simply I would deny a writing access to a forum to a particular usergroup, so I defined the the specific forum permission with custom settings, but even EACH member of that group can write into that forum, as specified in the category, I guess...
Besides, isn't there any way to check all the specific permissions but trying logging with a 'dummy' user and changing - time to time - his profile to test the security authorizations ? Isn't there any 'simulator' to check those auth behaviors ?
Thank you very much.
Hope this is clear enough.
P.S.: I'm sure all my cookies are reset before logging with the dummy testing user.
Bye
Comment