Force-Field

About product

The component is intended to build a security scheme for your application.

Very often developing a complex solutions that have to serve a large number of users, you face the problem of access management. As it usually appears you don't have enough time to elaborate a security scheme for your application in details. Often this task is left for the last phase of a project and it turns out that the building of a security scheme is outside of schedule and budget. As a result the implementation of a security scheme wants much to be desired.

Our component can help you to solve this problem.

What does it give to your advance?

• Reducing of development costs by using ready-made solution.
• The component can be integrated with an application on any phase of the project.
• Security scheme is easy to change; you don't have to modify the source code of your application. Just add new access rules using the component.

Brief description

"Force-Field" enables you to declare a number of rules that define user's abilities to manipulate with logical database objects of your application. For example, a user can be either allowed only to view the object, or also to modify and to delete the object.

For convenient access management, permissions could be set not only for a certain user, but also for groups of users (called roles). Each user belongs to one or several groups or, in other words, plays one or several roles. Towards different system objects the same user can play different roles. For example, a user is recognized as "author" towards certain "article" object and as "moderator" towards particular "forum" object.

All objects of an application are organized into a hierarchical structure. On the top level there is a single root object.

This object tree provides inheritance:

1. List of roles inheritance - by moving towards deeper levels of hierarchical structure the list of roles set for a user on the higher levels is inherited.
2. Inheritance of decisions (admittance or prohibition) - an access rule can contain one of the following resolutions: "yes" (operation is allowed), "no" (operation is forbidden) or "inherit". In the last case the component takes a decision whether the requested action is allowed for the parent object. The result is used as the answer to the request.

Inheritance of instructions is also possible - an access class can inherit all the access rules from a base class.

It's easier to integrate "Force-Field" with your application on the first phase of development cycle when the system is designed taking the component into account. But it can be useful even on closing phases; the component doesn't have high requirements to the database structure of your application.