Now you get to decide who gets to do what. It can be a little confusing,
but, on the bright side, this is where you get to wield some
power.<Grin>
Before you start messing with the .cfg file, think about who your database
is designed to serve. What is the whole purpose of it and how secure do you
want your information to be? Do you want members of the general public to
be able to see it? Who will be adding records? Just you? Or will it be a
"members" site where only those who have added records can view them? Who
will be allowed to modify or delete records in your database? If you want
to require users to log in before they can view, add, modify or delete records,
do you want them to be able to sign up for accounts online or do you want
to take on the responsibility of adding them yourself? Would you like to
edit the database directly on your website, or do you want to edit it offline,
either by hand or using server software on your home computer?
There are probably 100 different possible permutations of permissions you
can have, but, except for very rare occasions, there are only 14 that I've
been able to determine are practical or wise. These are listed in the table
below, as well as the settings you will need in order to have these permissions.
If a setting is not listed, you don't need to worry about setting it. For
an explanation of the "User Types," see the
Notes at the end of the table.

Permissions: User Type
    Settings

View/Search: Default user
Add Records: Offline
Modify Records: Offline
Delete Records: Offline
    $auth_no_authentication = 1;
    @auth_default_permissions = (1,0,0,0,0);
    $auth_user_field = -1;

View/Search: Default user
Add Records: Default user
Modify Records: Offline
Delete Records: Offline
    $auth_no_authentication = 1;
    @auth_default_permissions = (1,1,0,0,0);
    $auth_user_field = -1;

View/Search: Default user
Add Records: Admin
Modify Records: Admin
Delete Records: Admin
    $auth_no_authentication = 0;
    $auth_allow_default = 1;
    @auth_default_permissions = (1,0,0,0,0);
    $auth_user_field = -1;

View/Search: Default user
Add Records: Default user
Modify Records: Admin
Delete Records: Admin
    $auth_no_authentication = 0;
    $auth_allow_default = 1;
    @auth_default_permissions = (1,1,0,0,0);
    $auth_user_field = -1;

View/Search: Admin
Add Records: Default user
Modify Records: Admin
Delete Records: Admin
    $auth_no_authentication = 0;
    $auth_allow_default = 1;
    @auth_default_permissions = (0,1,0,0,0);
    $auth_user_field = -1;

View/Search: Default user, Registered user
Add Records: Registered user
Modify Records: Admin
Delete Records: Admin
    $auth_no_authentication = 0;
    $auth_allow_default = 1;
    @auth_default_permissions = (1,0,0,0,0);
    $auth_signup = 1;*
    @auth_signup_permissions = (1,1,0,0,0);
    $auth_user_field = -1;

View/Search: Default user, Registered user
Add Records: Registered user
Modify Records: Registered own
Delete Records: Admin
    $auth_no_authentication = 0;
    $auth_allow_default = 1;
    @auth_default_permissions = (1,0,0,0,0);
    $auth_signup = 1;*
    @auth_signup_permissions = (1,1,0,1,0);
    $auth_modify_own = 1;
    $auth_view_own = 0;
    $auth_user_field = #;

View/Search: Default user, Registered user
Add Records: Registered user
Modify Records: Registered own
Delete Records: Registered own
    $auth_no_authentication = 0;
    $auth_allow_default = 1;
    @auth_default_permissions = (1,0,0,0,0);
    $auth_signup = 1;*
    @auth_signup_permissions = (1,1,1,1,0);
    $auth_modify_own = 1;
    $auth_view_own = 0;
    $auth_user_field = #;

View/Search: Registered user
Add Records: Admin
Modify Records: Admin
Delete Records: Admin
    $auth_no_authentication = 0;
    $auth_allow_default = 0;
    $auth_signup = 1;*
    @auth_signup_permissions = (1,0,0,0,0);
    $auth_modify_own = 0;
    $auth_view_own = 0;
    $auth_user_field = -1;

View/Search: Registered user
Add Records: Registered user
Modify Records: Admin
Delete Records: Admin
    $auth_no_authentication = 0;
    $auth_allow_default = 0;
    $auth_signup = 1;*
    @auth_signup_permissions = (1,1,0,0,0);
    $auth_modify_own = 0;
    $auth_view_own = 0;
    $auth_user_field = -1;

View/Search: Registered user
Add Records: Registered user
Modify Records: Registered own
Delete Records: Admin
    $auth_no_authentication = 0;
    $auth_allow_default = 0;
    $auth_signup = 1;*
    @auth_signup_permissions = (1,1,0,1,0);
    $auth_modify_own = 1;
    $auth_view_own = 0;
    $auth_user_field = #;

View/Search: Registered user
Add Records: Registered user
Modify Records: Registered own
Delete Records: Registered own
    $auth_no_authentication = 0;
    $auth_allow_default = 0;
    $auth_signup = 1;*
    @auth_signup_permissions = (1,1,1,1,0);
    $auth_modify_own = 1;
    $auth_view_own = 0;
    $auth_user_field = #;

View/Search: Registered own
Add Records: Registered user
Modify Records: Admin
Delete Records: Admin
    $auth_no_authentication = 0;
    $auth_allow_default = 0;
    $auth_signup = 1;*
    @auth_signup_permissions = (1,1,0,0,0);
    $auth_modify_own = 0;
    $auth_view_own = 1;
    $auth_user_field = #;

View/Search: Registered own
Add Records: Registered user
Modify Records: Registered own
Delete Records: Admin
    $auth_no_authentication = 0;
    $auth_allow_default = 0;
    $auth_signup = 1;*
    @auth_signup_permissions = (1,1,0,1,0);
    $auth_modify_own = 1;
    $auth_view_own = 1;
    $auth_user_field = #;

View/Search: Registered own
Add Records: Registered user
Modify Records: Registered own
Delete Records: Registered own
    $auth_no_authentication = 0;
    $auth_allow_default = 0;
    $auth_signup = 1;*
    @auth_signup_permissions = (1,1,1,1,0);
    $auth_modify_own = 1;
    $auth_view_own = 1;
    $auth_user_field = #;

Notes:

A "Default user" is one that does not need to log in to the database
before having access.

A "Registered user" must log in with a unique username and a password
before being able to use the permissions you have granted.

"Registered own" means that a registered user will have the permission
to edit or view only the record(s) that he/she has added.

"Admin" means you. You can do anything you want on your own database.
The permissions given to "Admin" are those which only the database administrator
(you, or those to whom you give administrative permission) can use.

"Offline" means that you plan to make changes to your database by
editing the file offline and then uploading it to your server.

$auth_signup = 1;* is the setting if you want users to sign up for
accounts online. If you would rather add users yourself, set this to
0.

$auth_user_field = #; -- In place of the
#, insert the number of the userid field.
(If you've followed the whole tutorial, this should already be set correctly.)

Upload your default.cfg file and try to access the database from different
perspectives. Use
http://www.server.com/cgi-bin/db.cgi?db=default&uid=default
to access the database as a default user.
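
Before uploading, the auth settings can be checked against the table. The script below is an added example, not part of the original tutorial or of DBMan: it reads the `$auth_*` and `@auth_*` lines from .cfg text, reports which User Type ends up holding each permission, and flags settings that fall outside the table's patterns. It assumes the five flags are ordered (View, Add, Delete, Modify, Admin), which is consistent with the table rows, and that registered users hold `@auth_signup_permissions`; the function names and the sample text are constructed for illustration.

```python
import re

ACTIONS = ("view", "add", "delete", "modify", "admin")  # order assumed, matches the table rows

def parse_cfg(text):
    """Collect $auth_* scalars and @auth_* lists from .cfg text."""
    cfg = {}
    for sigil, name, value in re.findall(r"([$@])(auth_\w+)\s*=\s*([^;\n]*?)\s*;", text):
        if sigil == "@":  # pad or trim to five flags
            cfg[name] = ([int(n) for n in re.findall(r"\d+", value)] + [0] * 5)[:5]
        else:  # non-numeric values such as the '#' placeholder become None
            cfg[name] = int(value) if re.fullmatch(r"-?\d+", value) else None
    return cfg

def effective(cfg):
    """Map view/add/delete/modify to the widest User Type that holds it.
    Assumption: registered users are accounts holding @auth_signup_permissions."""
    default = cfg.get("auth_default_permissions", [0] * 5)
    signup = cfg.get("auth_signup_permissions", [0] * 5)
    no_auth = cfg.get("auth_no_authentication") == 1
    anon = no_auth or cfg.get("auth_allow_default") == 1
    mod_own = cfg.get("auth_modify_own") == 1
    own = {"view": cfg.get("auth_view_own") == 1, "modify": mod_own, "delete": mod_own}
    who = {}
    for i, action in enumerate(ACTIONS[:4]):
        if anon and default[i]:
            who[action] = "Default user"
        elif not no_auth and signup[i]:
            who[action] = "Registered own" if own.get(action) else "Registered user"
        else:
            who[action] = "Offline" if no_auth else "Admin"
    return who

def audit(cfg):  # flag settings that fall outside the table's patterns
    out = []
    field = cfg.get("auth_user_field")
    scoped = cfg.get("auth_modify_own") == 1 or cfg.get("auth_view_own") == 1
    if scoped and (field is None or field < 0):
        out.append("own-record scoping needs $auth_user_field set to the userid field number")
    anon = cfg.get("auth_no_authentication") == 1 or cfg.get("auth_allow_default") == 1
    if anon and any(cfg.get("auth_default_permissions", [0] * 5)[2:]):
        out.append("users who never log in hold delete, modify or admin rights")
    return out

# Constructed sample: one group of settings from the table, pasted with '#' left in.
SAMPLE = ("$auth_no_authentication = 0;\n$auth_allow_default = 0;\n$auth_signup = 1;*\n"
          "@auth_signup_permissions = (1,1,0,1,0);\n$auth_modify_own = 1;\n"
          "$auth_view_own = 1;\n$auth_user_field = #;\n")
print(effective(parse_cfg(SAMPLE)), audit(parse_cfg(SAMPLE)))
```

The result for the sample matches its table entry (view and modify limited to own records, delete left to Admin), and the unreplaced `#` is reported.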