User Authentication
Introduction
As in many computer operating systems, a user authenticates himself by
entering a user login id and a secret password known solely to himself and
the system. The system compares this password with the one recorded in a
User Table, which is available only to the authentication program. The
integrity of the system depends on keeping the table secret. The user tables
are completely protected against outside intruders. Locally, access to the
user tables is restricted to the Grading System and the Oracle Server system
administrators.
Authentication
Internally, user authentication is split into three parts.
The first is restricting system access to its users by checking the
user-entered login id and secret password against those stored inside the
system. Although the passwords are not stored in an encrypted format in the
Oracle Database tables, only system administrators may get this information.
In fact, it is unnecessary to encrypt the passwords as long as they are kept
away from the public, because system administrators do not require
authentication data to access and manipulate the stored data. At the moment,
system integrity is robust because no one but the system group can access
the grading system.
The second part of the authentication mechanism is keeping access lists for
the system users. Apart from the super user exception, every user is
restricted to the allowed part of the database. For each user, the names of
the courses he can access are kept in the user tables. Whenever a user wants
to access some private data or HTML pages, his access list is automatically
checked to see whether it contains the course. Access lists can be easily
manipulated in the user records of the grading system, simply by moving
existing course names into the access list box.
Since privacy issues are most important in such a system, user password
authentication and access lists are not enough to keep privacy by
themselves. Therefore, a further mechanism, user access privileges, is also
included in the system. User access privileges put one more layer of
restrictions on accessing and/or manipulating any private data. After a
successful password authentication, and with the desired course specified in
the access list, a user must have sufficiently powerful privileges to read
and/or write, update some records, or see HTML information pages.
The following 6 categories of user privileges are defined in the grading
system:
- SUPER USER
- INSTRUCTOR
- CO_INSTRUCTOR
- TA
- SYSTEM
- BROWSER
- No name users, i.e., students.
More specifically, the following scheme of user privileges is currently
defined in the system.
- Super Users can access all data and every page available at the front end
  of the system. The super user is the only user who can define new users
  and/or update existing user rights. A super user can change other users'
  status and access lists. As an exception, super users do not require an
  access list to browse any course information.
- Instructor users are the next most powerful users. Except for system
  issues, they can access and update all data and see every HTML information
  page available at the front end of the system. On the other hand, an
  instructor user is also restricted by the access lists, which means that
  they cannot see any courses but their own.
- Co-instructor users are almost equal to the instructor users. However,
  they have some limitations. A co-instructor cannot read/write secret
  remarks for the students, add a new course, or delete an existing course.
  However, he can update an existing course. A co-instructor can also
  perform every operation related to the assignment records.
- TA users are completely restricted from manipulating course records.
  However, they are allowed to see course record information as long as they
  have the course in their access lists. They can do everything related to
  grading and student records. TA users have a special field for making
  comments about students, which will not appear publicly in front of the
  students but only in front of the (co)instructors. A TA can also get the
  row data backup for his course.
- System users are the most restricted user group. The system group is
  allowed to see student lists and emails in order to open accounts, such as
  Unix accounts.
- Browser users have more rights than the system group. They can see the
  student grades and statistics. However, they are not allowed to change any
  data in any way.
- Students form the other group of grading system users. Students do not
  have any user records; however, they can access some of their own records
  through the front end of the grading system, change their personal
  information, and see their assignment grades, final grades, averages,
  partials, public comments given about them, etc.
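The three layers described above, as an added sketch in Python that is not the grading system's own code. The action names, the sample users and the BROWSER row are assumptions read from the descriptions, passwords are kept as salted PBKDF2 hashes rather than in the unencrypted form the page describes, and students are left out because they have no user records.

```python
import hashlib, hmac, os

ACTIONS = {"view_course", "update_course", "add_course", "delete_course",
           "secret_remarks", "grade", "view_grades", "view_student_list",
           "manage_users"}                      # hypothetical action names
INSTRUCTOR = ACTIONS - {"manage_users"}         # everything except system issues
PRIVILEGES = {
    "SUPER USER": ACTIONS,
    "INSTRUCTOR": INSTRUCTOR,
    "CO_INSTRUCTOR": INSTRUCTOR - {"secret_remarks", "add_course", "delete_course"},
    "TA": {"view_course", "grade", "view_grades", "view_student_list"},
    "SYSTEM": {"view_student_list"},
    "BROWSER": {"view_student_list", "view_grades"},   # read-only (assumed row)
}

def _hash(password, salt):
    # Assumption: a salted PBKDF2 hash replaces the unencrypted password column.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, category, courses=()):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt),
            "category": category, "courses": set(courses)}

# Constructed sample user table; logins, passwords and courses are made up.
USERS = {
    "root":  make_user("r00t-secret", "SUPER USER"),
    "alice": make_user("alice-secret", "INSTRUCTOR", ["CS101"]),
    "bob":   make_user("bob-secret", "CO_INSTRUCTOR", ["CS101"]),
    "carol": make_user("carol-secret", "TA", ["CS101"]),
}

def authorize(login, password, course, action):
    user = USERS.get(login)
    # Layer 1: password check. Hash even for unknown ids so timing is similar.
    salt = user["salt"] if user else b"\0" * 16
    matches = hmac.compare_digest(_hash(password, salt), user["hash"] if user else b"")
    if not (user and matches):
        return "denied: authentication"
    # Layer 2: course must be on the access list (super users are exempt).
    if user["category"] != "SUPER USER" and course not in user["courses"]:
        return "denied: access list"
    # Layer 3: the category must hold the privilege for this action.
    if action not in PRIVILEGES[user["category"]]:
        return "denied: privilege"
    return "allowed"
```

Each denial names the layer that refused the request, which makes the ordering of the checks visible when the table is exercised with different users.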