Security Design Considerations

Jun 10, 2008 at 11:45 PM
Please note on the Test Results database diagram, which is part of the documentation in the source code, that the TestResultSetPerson table belongs to a different schema (AssessmentSecure) than the other Assessment tables. We did this in order to help provide security in depth on the table structure by removing the only link between test data and real people. Our plan is to not provide rights to this junction table to anyone but administrators. Instead, there will be a user-defined function that fulfils the same purpose, but that requires a PersonGUID from the logged-on user. This PersonGUID parameter will be used inside the function to return the Entities that the logged-on user has rights to see. More details when the function is actually published (hopefully in release 0.60, coming soon).
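
The design described in the post, sketched in T-SQL as an added example; it is not the project's code, which the post says was not yet published. Only the AssessmentSecure schema and the TestResultSetPerson table are named in the post; the Assessment schema name, the other tables, every column, the function name, the role and the demo user are assumptions.

```sql
-- Added illustration. Names other than AssessmentSecure and TestResultSetPerson
-- are hypothetical; sample rows are constructed.
CREATE SCHEMA Assessment AUTHORIZATION dbo;
GO
CREATE SCHEMA AssessmentSecure AUTHORIZATION dbo;  -- same owner as Assessment
GO
CREATE TABLE Assessment.TestResultSet (
    TestResultSetID int IDENTITY PRIMARY KEY,
    TestName        nvarchar(100) NOT NULL,
    Score           decimal(5,2)  NULL
);
-- The only link between test data and real people lives in the secure schema.
CREATE TABLE AssessmentSecure.TestResultSetPerson (
    TestResultSetID int NOT NULL REFERENCES Assessment.TestResultSet (TestResultSetID),
    PersonGUID      uniqueidentifier NOT NULL,
    PRIMARY KEY (TestResultSetID, PersonGUID)
);
-- Hypothetical rights table: which viewer may see which person's results.
CREATE TABLE AssessmentSecure.PersonViewRight (
    ViewerGUID  uniqueidentifier NOT NULL,
    SubjectGUID uniqueidentifier NOT NULL,
    PRIMARY KEY (ViewerGUID, SubjectGUID)
);
GO
-- Inline table-valued function standing in for the junction table.
CREATE FUNCTION Assessment.fn_VisibleTestResults (@PersonGUID uniqueidentifier)
RETURNS TABLE
AS
RETURN
    SELECT rs.TestResultSetID, rs.TestName, rs.Score, trp.PersonGUID AS SubjectGUID
    FROM AssessmentSecure.PersonViewRight AS vr
    JOIN AssessmentSecure.TestResultSetPerson AS trp ON trp.PersonGUID = vr.SubjectGUID
    JOIN Assessment.TestResultSet AS rs ON rs.TestResultSetID = trp.TestResultSetID
    WHERE vr.ViewerGUID = @PersonGUID;
GO
-- Readers get the function only; nothing is granted on AssessmentSecure.
CREATE ROLE AssessmentReader;
GRANT SELECT ON OBJECT::Assessment.fn_VisibleTestResults TO AssessmentReader;
CREATE USER ReaderDemo WITHOUT LOGIN;
EXEC sp_addrolemember 'AssessmentReader', 'ReaderDemo';
GO
DECLARE @me uniqueidentifier = NEWID();  -- constructed sample identity
INSERT INTO Assessment.TestResultSet (TestName, Score) VALUES (N'Sample test', 87.50);
INSERT INTO AssessmentSecure.TestResultSetPerson VALUES (SCOPE_IDENTITY(), @me);
INSERT INTO AssessmentSecure.PersonViewRight VALUES (@me, @me);
EXECUTE AS USER = 'ReaderDemo';          -- act as a non-administrator
SELECT * FROM Assessment.fn_VisibleTestResults(@me);
REVERT;
```

Members of the role reach the junction table only through the function because both schemas share an owner (ownership chaining). The function filters on whatever GUID it is passed, so the calling layer has to take that value from the authenticated session rather than from user input.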