Found this cool little app today called
GTray. Pretty neato. I am currently forwarding all mail from my accounts to GMail, and so far it is very nice. I dig the searching ability, and I used to send myself emails all the time containing code snippets or urls, now I can type a description and a bunch of keywords and google will locate the email for me. Plus I get this capability from anywhere.
An interesting problem reared its ugly head at work a few days ago. We have been tossing solutions over the wall at each other, but we have failed to come up with something conclusive. We are attempting to develop a data model for a security system to be implemented in our web based product. One of the main sticklers of this problem is that we are “lazy” developers at work, and we don’t want to build a maintenance nightmare.
The information below is considered proprietary and should not be disclosed with the public under penalty of death. Just Kidding =)
Our product is actually several applications that use the same database. We build websites for automotive dealerships. It is a content management system with integrated inventory, lead management and theme-able websites. There are 3 main web applications in this product. The ContentDelivery ASP.NET application is responsible for the consumer facing aspect of our product. It contains the theme architecture as well as displaying the content stored in the database. The DealerAdmin ASP.NET application allows automotive dealerships to manage aspects of their website, such as content, images, and inventory displays. The ASP.NET EmployeeAdmin application allows employees in our company to administer the overall product via CRUD pages.
The Person table in our database represents a unique individual. The PersonType table delineates between Employees (company employees that can log into the aforementioned EmployeeAdmin) and Customers (dealer employees that login to DealerAdmin). The Site table represents a virtual site or front end of a dealership. The Dealership table abstracts a physical automotive dealership. A Dealership can have 1 ore more Sites. A Site must belong to a Dealership, and can only belong to 1 Dealership. The reason for this relationship is that a Dealership is meant to be an abstraction of a real dealership. A Site is meant to be a virtual “store front” of a Dealership. For example, Spanish and English sites for the same Dealership.
If I haven’t bored you to death yet, here comes the quandary we have:
In the DealerAdmin application, dealers can login to change information about their site. Since company employees will be providing support for dealers, they must also be able to login to the DealerAdmin tools. In our application we are currently tying a person to a site via the
SitePerson intersect table. We are now trying to retrofit a more robust security model on the top of that. In our SecurityRole table we have several roles defined each with a weighted precedence. A Customer may be in the Content role, which allows him/her to update content for a particular site. The mapping between SitePerson and SecurityRole is done with another intersect table called SitePersonSecurityRole. This allows us to map a specific Customer to a specific Site. Customer roles are intended to be mutually exclusive. Either you have it, or you don’t. An Employee, however, should be allowed to access any site since we trust them more. Essentially what we have is a tier based authorization system. An Employee can be a member of 1 of 4 Tiers. Tier 4 is the highest level of security. Tier 1 is the lowest employee level of security. Tier 1 supersedes all Customer security roles. The way we manage this is through precedence. A Customer role called Content has a precedence of 1, while a Tier 1 role has a precedence of 2. A Tier 2 role has a precedence of 3 and so on. This has worked great so far, but the problem we are now running into concerns Dealerships, Dealer Groups and Enterprises.
We would like to add tables for Dealer Groups and Enterprises which allow us to build hierarchies based on organization units. For example, one of our largest clients is considered to be an enterprise. They have several Dealer Groups contained within their business unit. In turn Dealer Groups may contain several dealerships. A dealership is NOT required to exist within a Dealer Group. We need to build a security model that allows us to define a user as a particular role for a whole enterprise, for just a single site, or any combination of roles in between. So we have a whole hierarchy we need to design a security model around. Preferably this time around we would like to build it in such a manner that if business processes change, we will be ready.
Any takers?
We have been playing around with
Subversion at work the past week or so. I think I am a “cutting edge whore” sometimes, but it seems damn nice. Now if it would only run on IIS6 instead of Apache 2.
Funny quote from IRC...
<Alanna> Saying that Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.