Veil
The Demo Database Security Model

The Veil demo has three security contexts.

  • Personal Context applies to personal data that is owned by the connected user. All users have the same privileges in personal context, as defined by the role Personal Context.
  • Global Context applies equally to every record in a table. If a user has SELECT_X privilege in the global context, they will be able to select every record in X, regardless of ownership. Privileges in global context are assigned through person_roles.
  • Project Context is a relational context and applies to project data. If you are assigned a role on a project, you will be given specific access to certain project tables. The roles you have been assigned will define your access rights.

The following sections identify which tables may be accessed in which contexts.

The Global Context

The global context applies to all tables. All privilege checking functions will always look for privileges in the global context.

Personal Context

The following tables may be accessed using rights assigned in the personal context:

  • persons
  • assignments
  • person_details

Project Context

The following tables may be accessed using rights assigned in the project context:

  • projects
  • assignments
  • project_details
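
The rules above can be modelled as a single decision function. The following is an added example, not code from Veil or its demo: the privilege names, role names other than Personal Context, ids and grants are constructed assumptions. It shows how a row in assignments, the one table listed under both the personal and the project context, can become visible through any of the three contexts.

```python
# Added model of the demo's three security contexts; this is not Veil code.
# Privilege names, role names, ids and grants are constructed sample data.
CONTEXT_TABLES = {
    "personal": {"persons", "assignments", "person_details"},
    "project": {"projects", "assignments", "project_details"},
}
ROLE_PRIVS = {
    "Personal Context": {"SELECT_PERSONS", "SELECT_ASSIGNMENTS",
                         "SELECT_PERSON_DETAILS"},
    "auditor": {"SELECT_PERSONS", "SELECT_ASSIGNMENTS", "SELECT_PERSON_DETAILS",
                "SELECT_PROJECTS", "SELECT_PROJECT_DETAILS"},
    "project manager": {"SELECT_PROJECTS", "SELECT_ASSIGNMENTS",
                        "SELECT_PROJECT_DETAILS"},
    "team member": {"SELECT_PROJECTS"},
}
PERSON_ROLES = {1: {"auditor"}}                # global-context grants (person_roles)
PROJECT_ROLES = {(2, 10): "project manager",   # (person_id, project_id) -> role
                 (3, 10): "team member"}


def granting_context(user, priv, table, owner=None, project=None):
    """Return the context that grants `priv` on one row, or None to hide it."""
    # Global context applies to every table and is always consulted.
    for role in PERSON_ROLES.get(user, ()):
        if priv in ROLE_PRIVS[role]:
            return "global"
    # Personal context: the row must be owned by the connected user.
    if (table in CONTEXT_TABLES["personal"] and owner == user
            and priv in ROLE_PRIVS["Personal Context"]):
        return "personal"
    # Project context: the user must hold a role on the row's project.
    if table in CONTEXT_TABLES["project"] and project is not None:
        role = PROJECT_ROLES.get((user, project))
        if role is not None and priv in ROLE_PRIVS[role]:
            return "project"
    return None


def who_sees_assignment(owner, project, users=(1, 2, 3, 4)):
    """Map each user to the context that exposes one assignments row."""
    return {u: granting_context(u, "SELECT_ASSIGNMENTS", "assignments",
                                owner=owner, project=project) for u in users}


if __name__ == "__main__":
    # Constructed assignments row linking person 3 to project 10.
    print(who_sees_assignment(owner=3, project=10))
```

A user with no global role, no ownership of the row and no role on its project gets `None`, which is the default-deny outcome the model relies on.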
