Dealing with security assignments

aklass · May 3, 2024, 12:49am

I wonder if anybody has some really big projects and if so - how you deal with security assignments ?
I have huge project with around 250 tables, over 500+ apps and 12 different security groups. Each group have its own set of apps and privileges, but there are also apps with full access to all users.

When I open the Groups-Apps (autogenerated form) the list is humongous (even if filtered by the group).
Going through the list and editing privileges is a test which takes huge mount of time and it is very easy to make a mistake.

I wonder what are your thoughts or tips to maintain all this ?

aducom · May 3, 2024, 6:48am

Definiting all the groups is a burden but a one-time job. The only option I see is to make a module yourself, where you create application groups of applications that belong together and share the same security. But it is only an option if this situation applies to you. Another option is to create a maintenance module with selectable checks or select boxes and move them over in batch. But I don’t see an out-of-the-box solution. But I agree on your point, the security module is not the most user friendly to say it nicely.

aklass · May 3, 2024, 7:50am

Not only unfriendly but the database structure is very, very poorely designed. the main table with the users does not have even an UID key which speeds up searches , indexing and koining tables - huge downside

aducom · May 3, 2024, 5:14pm

Why does uid speed up searches? The datatype is not supported by all supported databases. In php it is a string. Searches on unique int is by far faster imho. Besides that, the current module is virtually the same as ages ago. But in general I agree with your points.

aamartinezz · May 5, 2024, 4:29pm

Hi,
I use the concept of a role that includes one or more applications. The user configures security by groups and roles or functionalities.
When I make new applications I have a script to insert all the new applications into their role or functionality.

For example, if you have 10 applications managing clients (grid, forms, control, etc.) all of them are under the same functionality and the user only configures this one.

Regards.

FabioV · May 10, 2024, 9:02am

I prefer to create different folders in the project with prefix for any Scriptcase app (e.g. admin_xxxxx for group administration), so when you access the admin panel you can filter by prefix.
It’s an idea that solves some problems, but not all.