User Information

The following user-related information is stored within the Carapace database:

basic details such as a userId, password etc.
addresses -- a user can have many names or addresses eg. several email addresses for Internet email, several X.400 addresses etc.
roles -- a user can perform several roles such as a simple read-only role or a powerful system administration one
resources -- each role gives access to one or more resources

Basic Details

The following basic details are stored for each user within the Authentication database:

userId a unique identificatier for the user

password the user's password

validFrom date & time when the password is first valid

expiryTime date & time when the password expires

description brief description about the user

title Mr, Mrs etc.

givenName the user's given or first name

initials the user's initials

surname the user's surname or family name

postalAddress the full postal address

city city within their postal address

area area or region within their postal address

country name of the country

postcode postcode or ZIP code

telephone contact telephone number

fax contact fax number

organisation name of the organisation for which the user works

jobTitle user's job title within that organisation

Addresses & Address Types

A user can have many different addresses of many different types. For example, using Internet email, a user may have all of the following addresses assigned to them:

fred.flintstone@cavedwellers.com f.flintstone@cavedwellers.com flinty@cavedwellers.com

Similarly, Fred Flintstone may also have equivalent X.400 addresses:

G=Fred/S=Flintstone/P=CaveDwellers/A=StoneMail/C=US I=F/S=Flintstone/P=CaveDwellers/A=StoneMail/C=US G=Flinty/P=CaveDwellers/A=StoneMail/C=US

Carapace allows multiple address types to be defined. A user can then have multiple different addresses of the same or of different types.

The Admin interface defines functions for administering the address types and the user's addresses. This has a web front end for human users.

Roles & Resources

A user can perform several different roles. For example, even though Michelle is a system administrator, she generally wants to connect to the system with the privileges of a basic user since this protects against dangerous actions being done. In this example, Michelle therefore has two roles:

basic user
system administrator

The things users can do -- ie. the resources which they can access -- are defined by the roles they perform.

Carapace therefore allows multiple roles and multiple resources to be defined. In addition, the list of resources a role can access is configurable as is the list of roles a user can perform.

When a user attempts to connect to the system with a given role, Carapace checks the stored information and if the security details are OK, the user is given access to the resources identified by that role.

Contents Index Current topic: audit Related topics: databases

`userId`	a unique identificatier for the user
`password`	the user's password
`validFrom`	date & time when the password is first valid
`expiryTime`	date & time when the password expires
`description`	brief description about the user
`title`	Mr, Mrs etc.
`givenName`	the user's given or first name
`initials`	the user's initials
`surname`	the user's surname or family name
`postalAddress`	the full postal address
`city`	city within their postal address
`area`	area or region within their postal address
`country`	name of the country
`postcode`	postcode or ZIP code
`telephone`	contact telephone number
`fax`	contact fax number
`organisation`	name of the organisation for which the user works
`jobTitle`	user's job title within that organisation