Table of Contents
Detailed Content List
Introduction
Installation
Security
|
|
Information & Reports
Database Tools
Site Tools
2011 Versions
2010 Versions
|
Section - 3.1 Overview
Rev Jan 1, 2011
This section explains how the login system is designed and how
it provides access to advanced features. The built in security features are supported
in several ways. For example some security features are enforced through user login
type, user privileges, menu access, hidden tokens or a combination of these.
To help suppress attacks, and because this document is
readable by all users, only the security features necessary for administration will
be discussed.(there are several other security features besides those just mentioned)
Section - 3.2 Guest Login
Section rev Jan 1, 2011
The most basic security decision to make is whether to allow
unregistered users public access. While the permissions can be customized so
that no harm can be done, allowing unregistered logins does let every one read
about your problems. Given your circumstances, is this a good idea?
The login setting are located at...
admin -> site menu. Notice the setting for whether the
site is public?
Whether unregistered login's are allowed, is displayed as part of
the login form. The message shown depends on what the admin has chosen.
If public guest logins are allowed, then the permissions are set
by user #3 at...
admin -> user menu.
Section - 3.3 Auto Register
Section rev Jan 1, 2011
The next security choice is whether to allow a user that has
just registered, to immediately be able to login.
The login setting for this is located at the...
admin -> site menu.
After a new user registers, a message will be displayed that tells
them whether they must wait for approval or they are allowed to immediately login.
If auto Register is allowed, the new user will be given the default
permisssions set for user #2. Unless changed by the admin, the settings are as follows...
Section - 3.4 User Privleges
Section rev Jan 1, 2011
When a new user is created or they are allowed to auto register,
the default user #2 settings are used for permissions
(see previous section). Listed below are considerations that should be given when
assigning privileges. The obvious choices have not been included.
legal name
It is important that a legal name is provided. It would be used
if an email or some other type of communication is needed.
admin
Can this user access the admin menu? Having access to the admin\
menu provides unlimited access and edit capability.
stats
Can this user see the statistics? On large corporate projects,
it may be advisable to allow everyone to write bug reports but you may not want
to let the user see the response times, types of problems, or volume of bugs.
new
In certain instances, you may want user sto be able to view the
status of the development, but may not want them to be able to create new bug
reports.
search
A modest set of pre-made serchs are provided. Do you want this
person to create custome search criteria? Allowing custom searches will allow
unlimited access to the bug history and reports.
|