TMS Sphinx And Emergency Revoke User Rights

One of the features we are called to implement usually is the ability for the security officer to revoke all user rights while the user is IN the applications. Could this be implemented by simply deleting the rights to RWUD? What options are there for the Security?

What is RWUD?
Revoking rights while users are IN the application depends mostly on your application. Sphinx issues tokens and credentials that will be understood by your application. It's up to your application to check those and perform the proper authorization.

Read Write Update Delete?

1 Like

As Wagner already pointed out, revoking a user's access needs to be implemented in the application. You could design your application so that the token issued will only serve as an authentication method. Within the application you can design the execution of functions so that they will check if an authorization object exists for that user. That authorization object could be stored within the application's database, for example. If you want to revoke a user's access, you simply remove the authorization object for that user. As soon as the user executes the next function, the application detects that there is no authorization object for that user and will reject the selected operation.
Another approach could be that you set a flag for the user, which indicates that the user is a valid user. Every operation will check whether the user has a valid user flag set. If not, the selected function will be rejected. All you need to do now, to prevent the user from performing unauthorized activities, is to remove the valid user flag.
I see Sphinx as an authentication framework, determining whether a user will have access to an application or not. Within the application, you can implement an authorization concept which will determine what a user can and can not do within an application. That way you can revoke authorizations when a user is logged into an application.

2 Likes
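The two approaches above (delete the authorization object, or clear a "valid user" flag) share one requirement: every application function must look the authorization up afresh on each call rather than trusting what was loaded at login. The following is an added example, not code from the thread or from TMS Sphinx; it is written in Python as a language-neutral sketch of the pattern. The token-to-user mapping (`VALID_TOKENS`) is a constructed stand-in for whatever your Sphinx/XData layer returns after validating the token, and `AuthorizationStore` stands in for the application's own database table.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Constructed stand-in for the subject a validated Sphinx token identifies.
# In a real application the token's signature and expiry are checked by the
# Sphinx/XData middleware; here an opaque token simply maps to a user id.
VALID_TOKENS: Dict[str, str] = {"tok-alice": "alice", "tok-bob": "bob"}


@dataclass
class Authorization:
    """Application-side authorization object (hypothetical, not part of Sphinx)."""
    valid: bool = True                                 # the "valid user" flag (second approach)
    rights: Set[str] = field(default_factory=set)      # RWUD-style operation names


class AuthorizationStore:
    """Stands in for the application's database table of authorization objects."""

    def __init__(self) -> None:
        self._objects: Dict[str, Authorization] = {}

    def grant(self, user_id: str, rights) -> None:
        self._objects[user_id] = Authorization(rights=set(rights))

    def revoke_all(self, user_id: str) -> None:
        # First approach from the thread: delete the authorization object outright.
        self._objects.pop(user_id, None)

    def invalidate(self, user_id: str) -> None:
        # Second approach: keep the object but clear the "valid user" flag.
        obj = self._objects.get(user_id)
        if obj is not None:
            obj.valid = False

    def lookup(self, user_id: str) -> Optional[Authorization]:
        return self._objects.get(user_id)


def authenticate(token: str) -> Optional[str]:
    """Authentication only: who is the caller? Returns a user id or None."""
    return VALID_TOKENS.get(token)


def execute(store: AuthorizationStore, token: str, operation: str) -> str:
    """Gate that every application function runs before doing work.

    Returns "unauthenticated", "unauthorized" or "ok:<operation>".
    The authorization object is read on every call and never cached per
    session, so a revocation takes effect on the very next request even
    though the authentication token itself is still valid.
    """
    user_id = authenticate(token)
    if user_id is None:
        return "unauthenticated"
    auth = store.lookup(user_id)
    if auth is None or not auth.valid or operation not in auth.rights:
        return "unauthorized"
    return f"ok:{operation}"


def demo() -> list:
    """Walk through grant, revoke-by-deletion and revoke-by-flag with constructed data."""
    store = AuthorizationStore()
    store.grant("alice", ["read", "write", "update", "delete"])
    store.grant("bob", ["read"])
    results = []
    results.append(execute(store, "tok-alice", "delete"))   # ok:delete
    results.append(execute(store, "tok-bob", "delete"))     # unauthorized: no delete right
    store.revoke_all("alice")                               # officer revokes while alice is "in" the app
    results.append(execute(store, "tok-alice", "read"))     # unauthorized: object gone, token still valid
    store.invalidate("bob")                                 # flag approach
    results.append(execute(store, "tok-bob", "read"))       # unauthorized: valid flag cleared
    results.append(execute(store, "tok-mallory", "read"))   # unauthenticated: unknown token
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The design point is the per-call `store.lookup`: if rights were instead copied into the token as claims or cached in the session at login, a revocation could only take effect when that token or session expired, so an emergency revoke would also require short token lifetimes or a server-side denylist checked on each request.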