Use Guide - Manage


1 The Mechanism of Privilege Management for SEE
  1.1 Super Manager
  1.2 User
  1.3 System Roles and Data Roles
  1.4 The Default Privilege Model of SEE
  1.5 The Default Accounts of SEE
  1.6 Special Data in SEE
2 Configing the Parameters of the Entire System
3 Data Audit in SEE
  3.1 What to Be Audited?
  3.2 How to Audit?
  3.3 Maintaining the Audit Data
4 Data Importing in SEE
5 Speed Testing of SEE

1 The Mechanism of Privilege Management for SEE

1.1 Super Manager

   The super manager is the creator of the system and can use all functions.

   The super manager is a special user as following:

  • Her/his private information is self-governed against other users'. It is saved in a different file.
  • Her/his show-setups and query-setups will be shared by all users.
  • Her/his audit information can not be seen by other users.
  • Once her/his private information is damaged, the system will recover it into a default status.

       After the user download and install SEE, you should login with the super manager's account, which is "superseer" and the password is null, at first, and do the following:

  • Set the parameters in "Init Config". Please refer to "Init Config".
  • According to your requirement, modify or add the "System Role" and "System Role Acl".
  • According to your requirement, modify or add the information structures. For example, to "Problem Report", If the selection values of the field "Status" are not fit for your requirement, you should modify them before you begin to use it formally. The super manager can grant this work to some system role.
  • Please modify the password of "superseer". Don't forget!

    1.2 User

       Any accessing person is a "user" of SEE. Even if the person does not login, the system will use the default account of guest to provide functions to her/him.

       User can only use the allowed functions. The privileges of a user is determined by the following model:
         1) If the user belongs to a system role, she/he will own the privileges of this system role defined in the table "System Role ACL" automatically.
         2) If the user belongs to a data role, she/he will own the privileges of this data role defined in the table "Data Role ACL" automatically.
         3) User's privileges can be complemented in the table "Data User ACL" directly.

       The privilege strategy used in SEE is that "Only defined, is permitted".

       Except for the buttons in the top and bottom, user can only see the function buttons which she/he is allowed to use. Even if a user invalidly access a page by some other way, the system will refuse to serve. Because the system will judge user's privilege before it shows every page.

    1.3 System Roles and Data Roles

       The differences between the system roles and the data roles are:
  • The system roles are defined and granted by the super manager, while the data roles are defined by the users who have the privilege to maintain the table "Data Roles" and granted by the users who have the privilege to maintain the table "Data Role ACL".
  • To system roles, all information structures can be granted. To data roles, the following are not able to be granted: "System role", "System Role ACL", "Data Role", "Data Role ACL", "User", "Data User ACL", "Data Audit". These special information can not be granted to the data roles.
  • To system roles, all operations can be granted. To data roles, the following are not able to be granted: "Config" and "Audit". These important operations can not be granted to the data roles.

       A system role and a data role can have a same name, because the system will find the roles in different tables.

       In these privilege tables, the selection values of the field "data" are produced by the system automatically. So after user adds or removes some information structure, the selection will change correctly.
       In these privilege tables, user can define the "condition". Now this feature is not better, but it is enough for the current default privilege model.

       In the default privilege model in SEE, there is a "personnel manager". This system role is designed especially to maintain the data roles.

    1.4 The Default Privilege Model of SEE

       After you install SEE, there are default privilege data in the system.

       The default privilege model is based on the following idea: open the management of the project information as widely as possible, and make these information transparent completely to all members in the team.
       In functions, each member is able to add, modify, query, audit the most information of the project. (The removing privilege is only assigned to the data manager) Do not worry about someone's making trouble, because all of operations, data content and executing result will be record by the system automatically.
       Owning enough information, anyone is able to monitor anyone. (The super manager is invisible)

       In more details, the default privilege model in SEE is:

  • The super manager defines the following three system roles:
       "personnel manager" responds for assigning the privileges of maintaining the project information. She/he can maintain these tables: "Data Role", "Data Role ACL", "User", "Data User ACL".
       "audit manager" responds for maintaining the audit records.
       "general user" can modify her/his private information and query audit records about the project data. All users are belong to the "general user", except for the "guest".
  • The personnel manager defines the following two data roles:
       "data manager" can batch modify, remove and import the project data.
       "general member" can execute the following operations to project data: "add", "insert", "copy", "modify", "query", "select". All users are belong to the "general member", except for the "guest".

       So all users will have the following privileges: modify private information, query audit records about project data, execute the operations of "add", "insert", "copy", "modify", "query" and "select" to project data, except for the "guest".

       If user want to use another privilege model. you can remove the default privilege data and define them to fit your requirement.

    1.5 The Default Accounts of SEE

       After user install SEE, there are some default accounts as following. Their passwords are all null. Suggest user to try them.
  • "superseer", who is just the super manager and can use all functions.
  • "Mara", who belongs to the "audit manager", "general user" and "general member". She is just the granny herself. :)
  • "LuLu", who belongs to the "personnel manager" , "general user" and "general member". He is the granny's second cat, a lively varlet.
  • "MeiMei", who belongs to "data manager", "general user" and "general member". He is the granny's first cat, a lively poppet.
  • "Chong", who belongs to "general member".
  • "guest", who is assumed as a potential kind user and can use very limited functions. Before user login or after user logout, this account is used.

    1.6 Special Data in SEE

       There are three types of special data in SEE:
  • The "Pre-defined Data", whose structure definition can not be modified by any user, including the spuer manager. So the "Config" button will never appear in the interface.
       They are "Init Config", "Interface Theme", "System Role", "Data Role", "System Role Acl", "Data Role Acl", "Data User Acl", "User", "Data Audit", "Show Setup", "Condition Setup", "Statsitic Setup", "Upload Manage", "Speed Testing", "Translation", "Personal Message".
  • The "System Data", whose values can be modified only by the super manager. Their names will never appear in the tables of "System Role Acl", "Data Role Acl" and "Data User Acl".
       They are "Super User", "System Role", "System Role Acl", "Interface Theme", "Init Config", "Show Setup", "Condition Setup", "Statsitic Setup", "Speed Testing".
  • The "Super Data", whose values can be modified and granted only by the super manager. Their names will never appear in the tables of "Data Role Acl" and "Data User Acl".
       They are "User", "Data Role", "Data User Acl", "Data User Acl", "Upload Manage", "Translation", "Data Audit".

    2 Configing the Parameters of the Entire System

       The super manager can custom the running parameters of the entire system.
       The method is that click the button "System" in the top of the interface and select the button "Init Config" in the left of the interface. The right page is just the management page for init configuration as the following:

    Init Config - Modify

    Identify : init
    Default User :
    Default Interface Style : Default Style
    Default Interface Theme : Default Theme
    Default Page Size :
    Data Audit Types : Config Add Insert Copy Import Remove Modify Batch Modify Query Audit List Data Show Record Export Login
    Default Upload File Size(KB) :
    Default Upload Total(KB) :

       Although called "Init Config", they can be modified at any time and will go into effect immediately.

    3 Data Audit in SEE

    3.1 What to Be Audited?

       The super manager can custom what will be audited at any time and this will go into effect immediately.

       Refer to the Configing the Parameters of the Entire System.

       Suggestion: only audit the operations which will modify the value of information structure or its data, such as "Config", "Add", "Insert", "Copy", "Remove", and "Modify".

    3.2 How to Audit?

       After the super manager defines what to be audited, the system will record all things about the defined operations automatically.
       Every audit record includes "Id" (Produced automatically.), "Data", "Operation", "Keys", "Old Values", "New Values", "Who", "When", "Where", "Result".
       To "Add", the system records all not-null values of the new data.
       To "Modify", the system records the old values and new values of the modified fields.
       These information are enough for tracking data modification and recovering data.

    3.3 Maintaining the Audit Data

       The super manager can grant some role or user to maintain the audit records.
       The granted user can add, remove, modify, query the audit data. The method is that click the "System" button in the top of the interface, and select the button "Data Audit" in the left of the interface. The right page is the management page for audit records.

       But the author does not suggest to manufacture audit data manually. They are the objective results record by the system automatically.

       The audit data should be exported and removed in time.

    4 Data Importing in SEE

       In the top of any information's page, click the button "Import", the system will show the following page:

    Problem Report - Import

    Please select a XML file which is in correct format and right structure, or data can not be able to be imported.

    File :
    File size can not over 1000KB.
    To the data with the same keys, override them : Yes No

       When the current information is a matrix table, there will be an additional selection in the above page:
    Main Data Matrix Data

       After import, system will return the following page:

    Problem Report - Import

    Successful

    Valid : 5
    Add : 4
    Override : 1

       Notice: Import will only add one audit record about itself, and data added or modified in this operation are all not tracked! So the privilege of importing should be limited strictly.

    5 Speed Testing of SEE

       The super manager can test the speed of SEE at any time.
       The method is that click the button "System" in the top of the interface and select the button "Speed Testing" in the left of the interface. The right page is just the management page for speed testing as the following:

    Speed Testing

    Add 1000 500 200 100 50
    Sort Char String Integer Float Date Time Automatic Null

    Total Count : 0      Response Speed : 10   Milliseconds

    This testing is only for the time-consuming about reading, sorting, and writing with XML files. When using functions of SEE, more time will be consumed for constructing page elements.

       The super manager can add, remove, modify, query, statistic the testing data, just like to any other data.

       The response speed will be shown in the right-bottom corner of each data page.

    https://sourceforge.net/projects/chong2see/

    Software Engineering Environment Version 0.07/2004-12