Questions tagged [roles]
38 questions
69 votes, 3 answers
Role vs Permission Based Access Control
I'm trying to understand the inherent tradeoff between roles and permissions when it comes to access control (authorization).
Let's start with a given: in our system, a Permission will be a fine-grained unit of access ("Edit resource X", "Access the…

smeeb
30 votes, 2 answers
How to design role based access control?
I am trying to follow the role-based access control model to restrict what users can or cannot do in my system.
So far I have the following entities:
users - People who will use the system. Here I have usernames and passwords.
roles - Collection…

imran.razak
28 votes, 19 answers
What hat should a programmer not wear?
In my experience, software developers tend to wear multiple hats and fill multiple roles with different responsibilities. From not only coding, but sometimes also writing SQL, designing the user-interface, designing the database, graphics…

spong
28 votes, 8 answers
What are the negatives of Development Managers as Scrum Masters?
It is commonly agreed that team managers should not be scrum masters, but I am struggling to see why. For context, I am an Application Development Manager with 4 devs in a Scrum Team. I come from a Scrum Master background, and have introduced…

SpoonerNZ
22 votes, 5 answers
In Scrum, why shouldn't the Product Owner and ScrumMaster roles be combined?
In the more traditional projects that I've worked on, the project manager (and, on larger projects, there might be associate/deputy/assistant project managers should one person be unavailable) is the person responsible for communicating with the…

Thomas Owens
10 votes, 6 answers
What defines "software developer" role
I am a junior software developer and I have been working for a company less than a year.
While I always thought being a software developer means to develop software and CODE something, my tasks are more in administration type of work, such as…

mrz
8 votes, 4 answers
Correct Way to Implementing Authorization Checks in ASP MVC
In ASP MVC we have the Authorize attribute to perform checks at either a controller level or at a controller method level. But what if you need to check permissions inside a controller method, e.g. let's say you're doing some update or create action to…

adam78
6 votes, 2 answers
Permission system using PHP and JS
I'm developing an admin dashboard with different areas, where different users may have different permissions. For example:
News
John: edit, view, add, remove;
Carlos: edit, view;
Mario: --;
Support
John: view;
Carlos: edit, view;
Mario: edit,…

celsomtrindade
6 votes, 4 answers
How to simplify this Role and Permission management design?
I'm working on a web application that has users with multiple roles and each user can perform multiple operations, based on user's role, and the permission level the role has on the operation. I came up with the following…

TechCrunch
6 votes, 3 answers
How to securely implement roles in a Windows Form application?
As an ISV, what is considered best practice for implementing application role based security? In other words, only allow users to access certain features in the application based on what roles they belong to.
We currently just use a table in our…

jonchicoine
6 votes, 5 answers
Is a coder that 'quality checks' bug fixes and bugs raised by testers a recognised role?
I've recently found myself frequently in the position where I'm checking both bug fixes by other programmers, and bugs raised by the QA team.
Any bug fixes frequently end up having 'collateral damage', and I've found it invaluable to go through any…

Flynn1179
4 votes, 2 answers
Proper way to differentiate user types in OO
I'm designing an application where I have users and admins (further down in the future, I can have different sub-ranks, where each one can have access to some area of the application).
Currently, I have a single "User" class with a "type" integer…

Tiago Duque
4 votes, 2 answers
Roles and permissions: a good approach in defining permissions?
My application has users and administrators. The administrators split into two: super-admin and limited-admin. The super gets all permissions while the limited can be configured to inherit just the admin permissions that are specifically needed.
I…

Cristian
4 votes, 2 answers
Best practice in application design / SQL authentication
I am currently involved in the implementation/design of an existing application for a large scale customer. The application has a similar model as e.g. vCenter Server whereby a number of components store information in and extract information and…

mvdwrd
4 votes, 2 answers
What kind of permission is this? (Groups+Roles)
I'm starting to need an access control for roles in my app.
I don't know much of this, but I understand how vBulletin works:
I create groups, then give permissions to groups.
I think that what I need is the Role Based Access Control (RBAC), but…

JorgeeFG