Security model
Tequila uses a very strong and versatile security model that can be adjust to most requirements. Take some time to get acquainted with the general concepts!
All user calls are made on a page / tast
User always intend a specific action
All tasks-action pairs are part of an LDAP tree
Task-action pairs are related to some categories
Users belong to categories (1+)
Users belong to profiles (1+)
The categories of the user are matched agains the task-action related categories
Understanding the security model
Late bound model
LDAP naming style
Inheritance based on naming
Follow the natural rules of the company
Human readable
Any combination of categories available
Profile use available for simplified management
Straight category assignment for better security granularity
Infinite number of groups to be targeted are allowed
Restrictions are added for specific actions over an object, i.e.:
View
Edit
Late bound model
We understand security is always changing in an application, so we create a human readable security model that can be applied AFTER the application is coded and easily modified!
Security is always present even in the simplest page that you can code or a generated CRUD, so unless you need more granularity or a special case you don't need to code for security
LDAP naming style
Tequila use LDAP naming style and inheritance to simplify security setting, all tasks are named like:
systems.your_system_name_set_in_config_file.tasks.task_name
The action the user wants to perform is added at the end of the name, i.e.
systems.your_system_name_set_in_config_file.tasks. task_name.delete
Inheritance based on naming
You can assign permissions with high granularity or general ones.
Example: You want to secure delete customers in your CRM app
The security engine will check:
systems.mycrm.tasks.customers.delete
systems.mycrm.tasks.customers.all
systems.mycrm.tasks.delete
systems.mycrm.tasks.all
systems.mycrm.delete
systems.mycrm.all
systems.delete
systems.all
Global policy on security as set in config file
You can start with a general rule and just set security for the special exceptions.
Follow the natural rules of the company
Tequila security doesn't force you to create a collection of Roles and profiles, you SHOULD mimic the company structure to get maximum versatility. See example for more
Human readable
Because it follows the company organization.
Any combination of categories available
One of our main drives were to break the normal 1 category or maximum 2 categories limit found in most systems, this limits normally result in a massive amount of roles being created or under usage of the system as it doesn't provide the required privacy / specialization.
Tequila security provide unlimited amount of categories, most systems will still only use 1, but well if your systems is complex you don't need to suffer :)
In Tequila all works based on a clasifier-category combination, please check the example to understand more
Profile use available for simplified management
Have many people following into the same categories? Sure we have profiles. You can use profiles + categories for maximum targetting