Journal of Systemics, Cybernetics and Informatics (Apr 2007)
Implementation of Hierarchical Authorization For A Web-Based Digital Library
Abstract
Access control mechanisms are needed in almost every system nowadays to control what kind of access each user has to which resources and when. On the one hand, access control systems need to be flexible enough to allow the definition of the access rules that are actually needed. On the other hand, they must be easy to administer, so that rules are not in place without the administrator realizing it. This is particularly difficult for systems such as a digital library, which requires fine-grained access rules specifying access control at the document level. We present the implementation and architecture of a system that allows the definition of access rights down to the single document and user level. We use hierarchies on users and roles, hierarchies on access rights, and hierarchies on documents and document groups. These hierarchies allow a maximum of flexibility and still keep the system easy enough to administer. Our access control system supports positive as well as negative permissions.