Who’s allowed to use your system? What are they allowed to see?
These are basic questions that seem simple but quickly become complicated.
Most organizations that we work with have centralized authentication using LDAP. Users already have their login username and password, which they use for multiple applications.
If Meteor Software Limited puts in a new one, why should we expect users to remember a new username and password combination? Who would reset it for them when they’ve forgotten it, at 4am during a production nightshift?
All of these issues are handled by LDAP systems, and so Meteor Software Limited have built a middleman application which we use to authenticate users.
With this approach, we can allow users to access our systems, using existing authentication methods.
Authorisation is a separate issue. Our systems typically have three or four different levels of user. We list users against each level, and allow those with the highest level to create new levels, allocate levels to users and maintain who can see what.
Combined, these two systems offer robust and secure control over the typical system operations of creating, reading, updating and deleting data, according to each user's allocated level.
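The level-based authorisation described above, as an added illustration in Python (not Meteor Software Limited's own code). It assumes the user has already authenticated through the LDAP middleman, so only usernames and their allocated levels appear; the level name "admin", the operation names and the class shape are this example's own choices. Users with no allocated level are denied by default, and only the highest level may create levels or allocate them.

```python
# Added example: level-based authorisation with CRUD permissions per level.
# Authentication (LDAP) is assumed to have happened already; only the
# authenticated username reaches this code.
from dataclasses import dataclass, field

OPERATIONS = ("create", "read", "update", "delete")


class AuthorisationError(PermissionError):
    """Raised when a user attempts something their level does not allow."""


@dataclass
class AccessControl:
    # levels[name] -> set of operations that level may perform
    levels: dict = field(default_factory=dict)
    # user_levels[username] -> level name allocated to that user
    user_levels: dict = field(default_factory=dict)
    admin_level: str = "admin"  # the highest level (assumed name)

    def __post_init__(self):
        # The highest level always exists and may perform every operation.
        self.levels.setdefault(self.admin_level, set(OPERATIONS))

    def level_of(self, username):
        if username not in self.user_levels:
            raise AuthorisationError(f"{username} has no level allocated")
        return self.user_levels[username]

    def _require_admin(self, actor):
        # Only the highest level may manage levels or allocate them.
        if self.level_of(actor) != self.admin_level:
            raise AuthorisationError(f"{actor} may not manage levels")

    def create_level(self, actor, name, operations):
        self._require_admin(actor)
        unknown = set(operations) - set(OPERATIONS)
        if unknown:
            raise ValueError(f"unknown operations: {sorted(unknown)}")
        self.levels[name] = set(operations)  # also updates an existing level

    def allocate(self, actor, username, level):
        self._require_admin(actor)
        if level not in self.levels:
            raise ValueError(f"no such level: {level}")
        self.user_levels[username] = level

    def can(self, username, operation):
        # Deny by default: an authenticated but unlisted user gets nothing.
        if username not in self.user_levels:
            return False
        return operation in self.levels[self.user_levels[username]]
```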