Community mailing list archives

Re: Double Password for Each User?

Dedi Sinaga
- 08/03/2015 12:36:07
Simple idea, may be it can help (I haven't tried) .

1. Create a table which store a "session" value for access (user_id,expired_datetime,group_ids_to_append). Give expired time to that "session", like 5 mins or something.
2. Give your secured menu a specific group that belongs to no one.
3. Create an action wizard that ask for password that you can define in 'hardcode' (unrecommended) or store in some table. After user "login" through that action wizard, create the session and append the user into that specific group.
4. User should refresh the page (manually, or can it be done automatically after login? I haven't explored it)
5. Create a scheduler that will remove the user from the group when the session time has expired, may be every 5 mins.
If user still belongs to that group, he/she should be able to access the menu.

This is just an idea, I haven't implemented that. May be you can try it. 

On Mon, Aug 3, 2015 at 10:01 PM, Anders Wallenquist <> wrote:
We have created a "sudo" module that works just like sudo in Linux letting a user to do tasks as another user. The use-case for this module was support persons that want to try a function / menu with the same permission as the regular user that requested support.

It may come in handy in such use-case to (or can be extended to).

For example the use-case can be that some functions are available only to a pesudo-user, some users have the rights to become that user. The the module has to have lists what users a a specific user can become.

Anders Wallenquist
Vertel   (auth_sudo)

Den 2015-08-03 10:48, Togar Hutabarat skrev:
<blockquote cite="" type="cite">
Dear Community,

We have a requirement from our customer, we think about it like crazy for few days. Hopefully I could get a clue from our community. So one of our customer ask a feature that will require them to input/type their password when they access particular menu, such as Payslip, Financial Report, etc. Similar with Linux/MacOS asking your password when modifying file that is belong to root. This will prevent unwelcome usage on critical information. Do we have any module for such feature?

Best regards,
Togar Hutabarat

Post to:

Post to: