Basically, it should meet the following requirements:
- Security control - allows a user to log on to the system and verifies their user name and password. Store only a salted hash of the password (e.g. PBKDF2 or bcrypt), never the password itself, and compare hashes in constant time.
- Access permission - permissions can be controlled at menu level, screen level and field level (whether a field is shown/hidden or enabled/disabled). Hiding or disabling a control is a convenience for the user, not a security boundary: the same permission check must run on the server or business layer when the action is actually performed.
- User access log - this is compulsory for audit purposes and is also the data source for the alerts.
- Access denied alert - after a certain number of invalid user name or password attempts, the system should generate an alert and e-mail it to the system administrator. Count failures per account (and ideally per source address), and return the same error to the caller whether the user name or the password was wrong, so the login form cannot be used to enumerate accounts.
- Password policy - consider enforcing a minimum password length and password complexity.
- Supervisor override - useful when the current user does not have permission to use a certain feature (such as editing a customer address) but needs to. The supervisor should authenticate with their own credentials at the point of override, must hold the permission themselves, and the override should be written to the audit log with both user names.
- If the system is web based, it should also store the browser type (User-Agent) and visitor IP address for audit purposes. Both values are supplied by the client and can be spoofed or masked by proxies, so treat them as audit context rather than as proof of identity.
- CUser - this class stores the user information such as user name, password (as a salted hash, never in clear text), email address, etc.
- CAction - this class stores all the permissions (or features) of the system.
- CUserAccessLog - this class is responsible for keeping track of user login and logout activities.
- CLog - this class (discussed in the previous article) is responsible for storing the audit information, such as which "action" (or "feature") the user has clicked.
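The following is an added example, not code from the original article: it implements the requirement list above and the four classes (User, Action and an access-log entry standing in for CUser, CAction and CUserAccessLog/CLog) in Python, since the article does not state its language. Everything here is assumed for illustration: the action codes, the sample users, the PBKDF2 work factor and policy values, and the `alerts` list that stands in for the e-mail to the administrator. What the text alone does not show is how the pieces fit: the password is stored only as a salted hash, a failed login is logged identically for an unknown user and a wrong password, `has_permission()` drives menu/screen/field visibility but `perform()` re-checks it on the server side, and the supervisor override requires the supervisor to re-enter their own password and hold the permission before the override is logged with both names.

```python
from __future__ import annotations
import hashlib, hmac, secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone

PBKDF2_ITERATIONS = 100_000  # assumed work factor; tune for your hardware
MIN_PASSWORD_LENGTH = 10     # assumed policy values, not from the article
MAX_FAILED_LOGINS = 3        # failed attempts before the administrator is alerted

def password_meets_policy(password: str) -> bool:
    """Minimum length plus complexity: upper, lower, digit and symbol all present."""
    return len(password) >= MIN_PASSWORD_LENGTH and all((
        any(c.isupper() for c in password), any(c.islower() for c in password),
        any(c.isdigit() for c in password), any(not c.isalnum() for c in password)))

def hash_password(password: str, salt: bytes = b"") -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; only salt and digest are stored, never the password."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

@dataclass
class User:  # the article's CUser
    username: str
    email: str
    salt: bytes
    password_hash: bytes
    actions: set = field(default_factory=set)  # codes of the Actions this user may use
    failed_logins: int = 0
    def verify_password(self, password: str) -> bool:
        _, digest = hash_password(password, self.salt)
        return hmac.compare_digest(digest, self.password_hash)  # constant-time compare

@dataclass
class Action:  # the article's CAction; level is "menu", "screen" or "field"
    code: str
    level: str

@dataclass
class AccessLogEntry:  # one row of the article's CUserAccessLog / CLog
    timestamp: datetime
    username: str
    event: str
    ip: str          # client-supplied audit context, not proof of identity
    user_agent: str

class SecurityModule:
    def __init__(self, actions: list[Action]):
        self.actions = {a.code: a for a in actions}
        self.users: dict[str, User] = {}
        self.access_log: list[AccessLogEntry] = []
        self.alerts: list[str] = []  # stands in for the e-mail to the administrator

    def add_user(self, username, email, password, actions=()):
        if not password_meets_policy(password):
            raise ValueError("password does not meet policy")
        salt, digest = hash_password(password)
        self.users[username] = User(username, email, salt, digest, set(actions))

    def _log(self, username, event, ip, user_agent):
        self.access_log.append(AccessLogEntry(datetime.now(timezone.utc), username, event, ip, user_agent))

    def login(self, username, password, ip="", user_agent="") -> bool:
        user = self.users.get(username)
        if user is None or not user.verify_password(password):
            self._log(username, "login_failed", ip, user_agent)  # same result for bad user or password
            if user is not None:
                user.failed_logins += 1
                if user.failed_logins >= MAX_FAILED_LOGINS:
                    self.alerts.append(f"{username}: {user.failed_logins} failed logins, last from {ip}")
            return False
        user.failed_logins = 0
        self._log(username, "login", ip, user_agent)
        return True

    def has_permission(self, username, action_code) -> bool:
        """Drives menu/screen/field visibility in the UI and is re-checked in perform()."""
        user = self.users.get(username)
        return user is not None and action_code in self.actions and action_code in user.actions

    def perform(self, username, action_code, ip="", user_agent="", supervisor=None, supervisor_password=""):
        """Server-side permission check; hiding a control in the UI never replaces this."""
        if self.has_permission(username, action_code):
            self._log(username, f"action:{action_code}", ip, user_agent)
            return True
        # Supervisor override: the supervisor re-enters their password and must hold the permission
        if supervisor and self.has_permission(supervisor, action_code) \
                and self.users[supervisor].verify_password(supervisor_password):
            self._log(username, f"override:{action_code} by {supervisor}", ip, user_agent)
            return True
        self._log(username, f"denied:{action_code}", ip, user_agent)
        return False

def build_demo() -> SecurityModule:
    """Constructed sample data (not from the article): a clerk who may view but not edit."""
    actions = [Action("customer.menu", "menu"), Action("customer.view", "screen"),
               Action("customer.address.edit", "field")]
    m = SecurityModule(actions)
    m.add_user("clerk", "clerk@example.com", "Clerk-Passw0rd!", ["customer.menu", "customer.view"])
    m.add_user("boss", "boss@example.com", "Sup3rvisor-Pass!", [a.code for a in actions])
    return m
```

In a real deployment the `alerts` list becomes the e-mail to the administrator, `access_log` is written to a table, and the IP address and User-Agent come from the request (through a trusted proxy header only if a proxy you control sets it). The field show/hide state in the UI is simply `has_permission()` evaluated for each field-level action; the authoritative check is the one inside `perform()`.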