This space is archived

For current information please use the current ExamSys documentation

Database Security

All authenticated pages in Rogo initially connect to MySQL as a restricted-permissions user: $cfg_db_username. This account has rights to a minimal set of tables, enough to perform internal authentication and certain other tasks (e.g. password reset, module enrolment, etc.). The script auth.inc then includes the function db_change_user(), which switches the MySQL user based on the current role of the user. The advantage of this model is that table-level privileges can be tightly controlled around roles. For example, students have SELECT on the 'questions' table, whereas staff have SELECT, INSERT and UPDATE privileges.
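The per-role grants described above, with an audit for privilege drift, as an added example that is not taken from the Rogo code base. The schema name `rogo`, the account names `rogo_stu` and `rogo_staff` (standing in for the values of $cfg_db_student_user and $cfg_db_staff_user), the host and the passwords are assumptions; only the rule for the 'questions' table comes from this page.

```sql
-- Added example. Assumed names: schema `rogo`, accounts 'rogo_stu' / 'rogo_staff',
-- host 'localhost'. Run as an administrative MySQL account.

-- 1. Role accounts and the table-level grants stated for `questions`.
CREATE USER IF NOT EXISTS 'rogo_stu'@'localhost'   IDENTIFIED BY 'REPLACE_ME_student';
CREATE USER IF NOT EXISTS 'rogo_staff'@'localhost' IDENTIFIED BY 'REPLACE_ME_staff';

GRANT SELECT                 ON rogo.questions TO 'rogo_stu'@'localhost';
GRANT SELECT, INSERT, UPDATE ON rogo.questions TO 'rogo_staff'@'localhost';

-- 2. Drift check: table privileges on `questions` held by a role account
--    that are NOT in the expected policy. Should return zero rows.
--    GRANTEE is stored with its quotes, hence the doubled single quotes.
SELECT grantee, table_name, privilege_type
FROM   information_schema.table_privileges
WHERE  table_schema = 'rogo'
  AND  table_name   = 'questions'
  AND  grantee IN ('''rogo_stu''@''localhost''', '''rogo_staff''@''localhost''')
  AND  (grantee, privilege_type) NOT IN (
         ('''rogo_stu''@''localhost''',   'SELECT'),
         ('''rogo_staff''@''localhost''', 'SELECT'),
         ('''rogo_staff''@''localhost''', 'INSERT'),
         ('''rogo_staff''@''localhost''', 'UPDATE')
       );

-- 3. Scope check: a schema-wide or global grant silently overrides the
--    table-level model, so role accounts should hold neither.
--    Should return zero rows ('USAGE' means "no privileges").
SELECT 'schema' AS scope, grantee, privilege_type
FROM   information_schema.schema_privileges
WHERE  table_schema = 'rogo'
  AND  grantee IN ('''rogo_stu''@''localhost''', '''rogo_staff''@''localhost''')
UNION ALL
SELECT 'global' AS scope, grantee, privilege_type
FROM   information_schema.user_privileges
WHERE  privilege_type <> 'USAGE'
  AND  grantee IN ('''rogo_stu''@''localhost''', '''rogo_staff''@''localhost''');
```

Any row returned by step 2 or step 3 is a privilege the role account holds beyond the stated policy.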

Roles

| User (see config.inc.php) | Use |
|---|---|
| $cfg_db_username | Initial MySQL user which performs initial authentication duties |
| $cfg_db_student_user | User account for Rogo 'student' role |
| $cfg_db_staff_user | User account for Rogo 'staff' role |
| $cfg_db_external_user | User account for Rogo 'external' role (e.g. external examiner) |
| $cfg_db_sysadmin_user | User account for Rogo users set to 'SysAdmin' role |
| $cfg_db_sct_username | User account for externals reviewing Script Concordance Tests (SCT) |