~drizzle-trunk/drizzle/development : contents of docs/administration/authorization.rst at revision 2484

~drizzle-trunk/drizzle/development : (revision 2484)

Authorization
=============

Authorization is finding out if the person, once identified, is permitted to
have the resource. [1]_  

Drizzle authorization is handled by plugins. There is no single
source where users or access rights are defined, such as a system user table, 
but each auhtorization plugin will use different sources to define or store
access rights. By default no authorization plugin is loaded, this means that
any logged in user is authorized to access all database objects and do anything
he wants (everyone is super user).

The following authorization plugins are included with Drizzle:

* :doc:`/plugins/regex_policy/index` - ALLOW or REJECT access by matching a regular expression against the table name.
* :doc:`/plugins/simple_user_policy/index` - Allow a user to only access a schema that matches their username.

Limitations
-----------

At the moment there doesn't exist a plugin which would implement anything 
resembling the traditional SQL standard GRANT and REVOKE type of authorization.
You are invited to share your opinion on whether that level of authorization
control is necessary in a modern database.

Note that at the moment there also is no plugin that would distinguish between
read and write operations, rather access is always granted to schemas and tables
in an all or nothing fashion.

-------------------------------------------------------------------------------

.. rubric:: Footnotes

.. [1] `Authentication, Authorization, and Access Control <http://httpd.apache.org/docs/1.3/howto/auth.html>`_

2397.1.1 by Daniel Nichter Skeleton documentation for all plugins, more complete docu for first half of plugins.	1	Authorization
	2	=============
	3
	4	Authorization is finding out if the person, once identified, is permitted to
2457.1.1 by Henrik Ingo Fixes to the new documentation in lp:~daniel-nichter/drizzle/7.1-docs	5	have the resource. [1]_
	6
	7	Drizzle authorization is handled by plugins. There is no single
	8	source where users or access rights are defined, such as a system user table,
	9	but each auhtorization plugin will use different sources to define or store
	10	access rights. By default no authorization plugin is loaded, this means that
	11	any logged in user is authorized to access all database objects and do anything
	12	he wants (everyone is super user).
2397.1.1 by Daniel Nichter Skeleton documentation for all plugins, more complete docu for first half of plugins.	13
2425.2.2 by Daniel Nichter A lot of doc changes: rewrite and expand Configuration and Administration, re-order top-level sections, enhance Contributing, add Release Notes, add Help and Support, fix title casing, label all plugins, other misc. enhancements.	14	The following authorization plugins are included with Drizzle:
	15
2457.1.1 by Henrik Ingo Fixes to the new documentation in lp:~daniel-nichter/drizzle/7.1-docs	16	* :doc:`/plugins/regex_policy/index` - ALLOW or REJECT access by matching a regular expression against the table name.
	17	* :doc:`/plugins/simple_user_policy/index` - Allow a user to only access a schema that matches their username.
	18
	19	Limitations
	20	-----------
	21
	22	At the moment there doesn't exist a plugin which would implement anything
	23	resembling the traditional SQL standard GRANT and REVOKE type of authorization.
	24	You are invited to share your opinion on whether that level of authorization
	25	control is necessary in a modern database.
	26
	27	Note that at the moment there also is no plugin that would distinguish between
	28	read and write operations, rather access is always granted to schemas and tables
	29	in an all or nothing fashion.
2425.2.2 by Daniel Nichter A lot of doc changes: rewrite and expand Configuration and Administration, re-order top-level sections, enhance Contributing, add Release Notes, add Help and Support, fix title casing, label all plugins, other misc. enhancements.	30
2397.1.1 by Daniel Nichter Skeleton documentation for all plugins, more complete docu for first half of plugins.	31	-------------------------------------------------------------------------------
	32
	33	.. rubric:: Footnotes
	34
	35	.. [1] `Authentication, Authorization, and Access Control <http://httpd.apache.org/docs/1.3/howto/auth.html>`_