Security model

Tequila uses a very strong and versatile security model that can be adjust to most requirements. Take some time to get acquainted with the general concepts!

    1. All user calls are made on a page / tast

    2. User always intend a specific action

    3. All tasks-action pairs are part of an LDAP tree

    4. Task-action pairs are related to some categories

    1. Users belong to categories (1+)

    2. Users belong to profiles (1+)

The categories of the user are matched agains the task-action related categories

Understanding the security model

    • Late bound model

    • LDAP naming style

    • Inheritance based on naming

    • Follow the natural rules of the company

    • Human readable

    • Any combination of categories available

    • Profile use available for simplified management

    • Straight category assignment for better security granularity

    • Infinite number of groups to be targeted are allowed

    • Restrictions are added for specific actions over an object, i.e.:

        • View

        • Edit

Late bound model

We understand security is always changing in an application, so we create a human readable security model that can be applied AFTER the application is coded and easily modified!

Security is always present even in the simplest page that you can code or a generated CRUD, so unless you need more granularity or a special case you don't need to code for security

LDAP naming style

Tequila use LDAP naming style and inheritance to simplify security setting, all tasks are named like:

systems.your_system_name_set_in_config_file.tasks.task_name

The action the user wants to perform is added at the end of the name, i.e.

systems.your_system_name_set_in_config_file.tasks. task_name.delete

Inheritance based on naming

You can assign permissions with high granularity or general ones.

Example: You want to secure delete customers in your CRM app

The security engine will check:

    1. systems.mycrm.tasks.customers.delete

    2. systems.mycrm.tasks.customers.all

    3. systems.mycrm.tasks.delete

    4. systems.mycrm.tasks.all

    5. systems.mycrm.delete

    6. systems.mycrm.all

    7. systems.delete

    8. systems.all

    9. Global policy on security as set in config file

You can start with a general rule and just set security for the special exceptions.

Follow the natural rules of the company

Tequila security doesn't force you to create a collection of Roles and profiles, you SHOULD mimic the company structure to get maximum versatility. See example for more

Human readable

Because it follows the company organization.

Any combination of categories available

One of our main drives were to break the normal 1 category or maximum 2 categories limit found in most systems, this limits normally result in a massive amount of roles being created or under usage of the system as it doesn't provide the required privacy / specialization.

Tequila security provide unlimited amount of categories, most systems will still only use 1, but well if your systems is complex you don't need to suffer :)

In Tequila all works based on a clasifier-category combination, please check the example to understand more

Profile use available for simplified management

Have many people following into the same categories? Sure we have profiles. You can use profiles + categories for maximum targetting

Go to models or to example