User Authentication
 
Introduction 
As in many computer operating systems, a user authenticates himself by entering a user login id and a secret password known solely to himself and the system. The system compares this password with the one recorded in a User Table that is available only to the authentication program. The integrity of the system depends on keeping the table secret. The user tables are completely protected against outside intruders. Local access to the user tables is restricted to the Grading System and Oracle Server system administrators.
Authentication
Internally, user authentication is split into three parts.

The first is restricting system access to its users by checking the login id and secret password entered by the user against those stored inside the system. Although the passwords are not stored in an encrypted format in the Oracle Database tables, only system administrators can obtain this information. In fact, it is unnecessary to encrypt the passwords as long as they are kept away from the public, because system administrators do not require authentication data to access and manipulate the stored data. At the moment, system integrity is robust because no one but the system group can access the grading system.

The second part of the authentication mechanism is keeping access lists for the system users. Apart from the super user exception, all users are restricted to accessing only the allowed part of the database. For each user, the names of the courses he can access are kept in the user tables. Whenever a user wants to access some private data or HTML pages, his access list is automatically checked to see whether it contains the course. Access lists can be easily manipulated in the user records of the grading system, simply by moving the present course names to the access list box.

Since privacy issues are most important in such a system, user password authentication and access lists are not enough to keep privacy by themselves. Therefore, a further mechanism, user access privileges, is also included in the system. The user access privileges put one more layer of restrictions on accessing and/or manipulating any private data. After a successful password authentication, and with the desired course specified in the access list, a user must still have sufficiently powerful privileges to read and/or write, update some records, or see HTML information pages.

The following 6 categories of user privileges are defined in the grading system:

  • SUPER USER
  • INSTRUCTOR
  • CO_INSTRUCTOR
  • TA
  • SYSTEM
  • BROWSER
  • No name users, i.e., students.

More specifically, the following scheme of user privileges is currently defined in the system.
 
  • Super Users can access all data and every page available at the front end of the system. The super user is the only user who can define new users and/or update the existing user rights. A super user can change other users' status and access lists. As an exception, super users do not require an access list to browse any course information.
  • Instructor users are the next most powerful users. Except for system issues, they can access and update all data and see the HTML information pages available at the front end of the system. On the other hand, an instructor user is also restricted by the access lists, which means that they cannot see any courses but their own.
  • Co-instructor users are almost equal to instructor users. However, they have some limitations. A co-instructor cannot read/write secret remarks for the students, add a new course, or delete an existing course. However, he can update an existing course. A co-instructor can also perform every operation related to the assignment records.
  • TA users are completely restricted from manipulating course records. However, they are allowed to see course record information as long as they have the course in their access lists. They can do everything related to grading and student records. TA users have a special field for making comments about students, which will not appear publicly to the students but only to the (co)instructors. A TA can also get the raw data backup for his course.
  • System users are the most restricted user group. The System group is allowed to see student lists and emails in order to open accounts such as Unix accounts.
  • Browser users have more rights than the system group. They can see the student grades and statistics. However, they are not allowed to change any data in any way.
  • Students form the other group of grading system users. Students do not have any user records; however, they can access some of their own records through the front end of the grading system, change their personal information, and see their assignment grades, final grades, averages, partials, public comments given about them, etc.
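
The three checks described above (password, access list, privilege), in the order the page gives them, as an added example that is not the grading system's own code. The action names, sample users and the partial privilege matrix are assumptions read off the category descriptions, and the example stores salted PBKDF2 hashes rather than the unencrypted passwords the page describes.

```python
import hashlib, hmac, os

# Hypothetical action names: a partial reading of the category descriptions above.
PRIVILEGES = {
    "INSTRUCTOR": {"view_course", "update_course", "add_course", "delete_course",
                   "grade", "secret_remarks"},
    "CO_INSTRUCTOR": {"view_course", "update_course", "grade"},
    "TA": {"view_course", "grade", "ta_comment", "backup"},
    "SYSTEM": {"list_students"},
    "BROWSER": {"view_grades"},
}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, category, courses=()):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt),
            "category": category, "courses": set(courses)}

def authorize(users, login, password, course, action):
    """Apply the three checks in order; return (allowed, reason)."""
    user = users.get(login)
    # Hash even for unknown logins so response time does not reveal valid ids.
    candidate = _hash(password, user["salt"] if user else b"\0" * 16)
    # Layer 1: login id and password.
    if user is None or not hmac.compare_digest(candidate, user["hash"]):
        return False, "authentication failed"
    # Super users need no access list and hold every privilege.
    if user["category"] == "SUPER USER":
        return True, "super user"
    # Layer 2: the course must be in the user's access list.
    if course not in user["courses"]:
        return False, "course not in access list"
    # Layer 3: the category must carry the privilege for this action.
    if action not in PRIVILEGES.get(user["category"], set()):
        return False, "insufficient privilege"
    return True, "ok"

# Constructed sample users and courses.
USERS = {
    "root": make_user("s3cret-root", "SUPER USER"),
    "alice": make_user("pw-alice", "CO_INSTRUCTOR", ["CS101"]),
    "bob": make_user("pw-bob", "TA", ["CS101"]),
}

if __name__ == "__main__":
    for args in [("alice", "pw-alice", "CS101", "update_course"),
                 ("alice", "pw-alice", "CS101", "delete_course"),
                 ("bob", "pw-bob", "CS202", "grade")]:
        print(args[0], args[2], args[3], authorize(USERS, *args))
```

Returning the reason alongside the decision lets each denial be logged against the layer that produced it.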
 
 
