Node Owner

Node Owner is another cut on security: specifically, another way to allow NetDB users to access specific Nodes.

NetDB III controls access to classes and subclasses with object access security and access to specific instances of objects with object ownership security. Node Owner is designed to give a NetDB user update access to a specific instance of a Node that she normally wouldn't have.

For example, say NetDB user trixie doesn't have access to objects of type router (a node subtype). Now suppose we want to allow trixie update access to router shovebits, but no other routers. There are two ways to do this:

  1. Give trixie router object access and make sure that she isn't in any object ownership security groups that own any routers. Then add one of trixie's object ownership security groups to the router shovebits.

  2. Make trixie the Owner of shovebits.

Both methods work, but the first requires us to make sure that no router is ever owned by any of trixie's object ownership security groups. The checking involved is not something that's likely to happen on any regular basis (if ever). The second method has no such drawbacks. But ... (there's always a but ...)

Node Owner may never be used. It was added to the NetDB data model with the thinking "gee that's possible and it may be useful someday". It continues to be supported in the data and the code supporting the data for the same reason, but no other code has been written to take advantage of it. That's because implementing it is nontrivial, and, at this time, there's not a lot of demand for what it provides.
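The two methods above, and the check the first one depends on, as a simplified model added here (this is not NetDB code). The access rule in can_update, the group names, and the routers other than shovebits are assumptions made for illustration.

```python
# Simplified model of the two approaches; not NetDB code.
# All class, function and group names here are hypothetical.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class User:
    name: str
    object_access: set = field(default_factory=set)     # node types the user may access
    ownership_groups: set = field(default_factory=set)  # object ownership security groups

@dataclass
class Node:
    name: str
    node_type: str
    ownership_groups: set = field(default_factory=set)
    owner: Optional[str] = None                         # the Node Owner field

def can_update(user, node):
    """Assumed rule: Node Owner, or type access plus a shared ownership group."""
    if node.owner == user.name:
        return True
    return (node.node_type in user.object_access
            and bool(user.ownership_groups & node.ownership_groups))

def stray_grants(user, nodes, intended):
    """The check method 1 needs: nodes the user can update but was never meant to."""
    return sorted(n.name for n in nodes
                  if can_update(user, n) and n.name not in intended)

def build_routers():
    # Constructed sample inventory.
    return [Node("shovebits", "router", {"core-net"}),
            Node("pushbytes", "router", {"core-net"}),
            Node("dragbits", "router", {"edge-net"})]

def method_one():
    routers = build_routers()
    trixie = User("trixie", {"router"}, {"helpdesk"})
    routers[0].ownership_groups.add("helpdesk")   # grant on shovebits only
    before = stray_grants(trixie, routers, {"shovebits"})
    # Later, helpdesk is added to another router for an unrelated reason.
    routers[2].ownership_groups.add("helpdesk")
    return before, stray_grants(trixie, routers, {"shovebits"})

def method_two():
    routers = build_routers()
    trixie = User("trixie", set(), {"helpdesk"})  # no router object access
    routers[0].owner = "trixie"
    routers[2].ownership_groups.add("helpdesk")   # same later change
    return can_update(trixie, routers[0]), stray_grants(trixie, routers, {"shovebits"})
```

In this model, method 1 stays correct only as long as stray_grants is rerun after every ownership change, while method 2 is unaffected by the same change.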

Bottom Line

We have no intention of using Node Owner at this time, but we're keeping it in the data (database and code data structures) because it could turn out to be very useful someday.