Privileges, Roles, & Users: Web PagesIntroduction Editing this page requires a clear understanding of its functionality; proceed with caution before changing this page. To understand how SPMS web pages are mapped to privileges you must understand a few basic things. The following is a brief explanation of how SPMS runs in its environment. SPMS and ApacheSPMS is a set of CGI scripts running on an Apache web server. Apache provides information about its environment to the CGI script that is running. One of the items available to the CGI is the URL running when the CGI script is invoked. SPMS extracts the name of the CGI script running (e.g., profile.html or jacow.html). It then uses the script name to determine if any privilege is required to access that web page (CGI script). If that web page is mapped to a privilege, then SPMS finds all the functional roles assigned to that privilege. Next, SPMS determines if the user logged in is a member of that functional role. If the user is a member then access is granted, otherwise access is denied. The next thing you need to understand is that the CGI scripts in SPMS are grouped together into packages. Packages contain common functionality. For example, the editor package contains code for the editors' module. The editor module can contain many pages, such as editor.html, editor.qa, and editor.list. In most cases you restrict access to the entire editor package by specifying the web page name as editor.%. The percent (%) character is a wild card that tells SPMS to match any web page that begins with the text editor followed by a dot. Mapping Privileges to Web PagesKnowing how SPMS and Apache work, along with the URL of the web page you wish to restrict, you can map web pages to specific privileges using the web pages maintenance screen. Begin by selecting a CGI script from the drop-down menu provided then click "Submit". The next pages lists all the modules within the selected package. You have the option of using the wild card, which is identified by the option "*** Any URL starting with..." or selecting a specific page within the module. Note: The SPMS database contains a complete list of all modules and pages within each module. Once you've added the module you can add one or more privileges to the web page(s) by selecting the appropriate privilege from the drop-down list next to the web page. Click the "Revoke" link next to the privilege name to remove the privilege from the web page. Which web page to restrict is up to you. As you access specific SPMS web pages note the name of the CGI script running in the URL. The full script name is the text following the last slash in the URL. For example, in the URL http://spms.mydomain/pls/jacow/editor.html the CGI script name is editor.html. If you wish to restrict access to that single web page you select editor on the first page and html on the second page, then map specific privileges. |