All authenticated pages in Rogo initially connect to the MySQL under an initial restricted permissions user: $cfg_db_username. This has rights to a minimal set of tables to perform internal authentication and certain other tasks (e.g. password reset, module enrolement, etc). The script auth.inc then includes the function db_change_user() which based on the current role of the user switched the MySQL user. The advantage of this model is that table-level privileges can be tightly controlled around roles. For example, students have SELECT on 'questions' table whereas staff have SELECT, INSERT and UPDATE privileges.

Roles

User (see config.inc.php)	Use
$cfg_db_username	Initial MySQL user which performs initial authentication duties
$cfg_db_student_user	User account for Rogo 'student' role
$cfg_db_staff_user	User account for Rogo 'staff' role
$cfg_db_external_user	User account for Rogo 'external' role (e.g. external examiner)
$cfg_db_sysadmin_user	User account for Rogo users set to 'SysAdmin' role
$cfg_db_sct_username	User account for externals reviewing Script Concordance Tests (SCT)

Browser not supported