Security

From MyMemberSoftware wiki

Security in Joomla

We advise you to configure a strong password requirement in Joomla: a minimum of 6 characters and at least 1 special character. The /administrator/ directory should be protected with an additional authentication prompt, set up with the Apache or nginx functionality for this. Use fail2ban to deny IP access when more than 5 incorrect username / password combinations have been tried.
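As an added example (not code from the MyMemberSoftware wiki or from Joomla), the two rules in the paragraph above expressed as plain Python so they can be checked: the advised password policy, and the counting rule fail2ban applies when it reads the failures that the extra authentication prompt on /administrator/ writes to the web server error log. The log lines are constructed for this example in the shape of Apache 2.4 mod_auth_basic entries; the path, threshold and function names are assumptions, not project settings.

```python
import re
from collections import Counter

MIN_LENGTH = 6      # advised Joomla minimum password length
MIN_SPECIAL = 1     # advised number of special characters
MAX_FAILURES = 5    # fail2ban: ban when MORE than this many failures


def password_meets_policy(password: str) -> bool:
    """True when the password has >= 6 characters and >= 1 special character."""
    specials = sum(1 for c in password if not c.isalnum())
    return len(password) >= MIN_LENGTH and specials >= MIN_SPECIAL


# Apache 2.4 mod_auth_basic logs a rejected login as message AH01617; the
# client address precedes the port inside "[client ip:port]".
AUTH_FAILURE = re.compile(
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] AH01617: user (?P<user>\S+): "
    r"authentication failure for \"(?P<path>[^\"]+)\""
)


def count_failures(log_lines, path="/administrator/"):
    """Count authentication failures per client IP for the protected path only."""
    failures = Counter()
    for line in log_lines:
        m = AUTH_FAILURE.search(line)
        if m and m.group("path").startswith(path):
            failures[m.group("ip")] += 1
    return failures


def ips_to_ban(log_lines, threshold=MAX_FAILURES):
    """Client IPs with more than `threshold` failures, i.e. what fail2ban would ban."""
    return sorted(ip for ip, n in count_failures(log_lines).items() if n > threshold)


def _fail_line(ip, user="admin", path="/administrator/"):
    # Constructed sample line; timestamp, pid and port are placeholders.
    return (f'[Mon Jan 08 10:00:01.000000 2024] [auth_basic:error] [pid 1234] '
            f'[client {ip}:51000] AH01617: user {user}: authentication failure '
            f'for "{path}": Password Mismatch')


# Constructed sample log: one address with 6 failures (to be banned), one with
# 2 failures, one failure on an unrelated path, and one line that is not a
# login failure at all.
SAMPLE_LOG = (
    [_fail_line("203.0.113.10") for _ in range(6)]
    + [_fail_line("198.51.100.7") for _ in range(2)]
    + [_fail_line("198.51.100.7", path="/private/")]
    + ['[Mon Jan 08 10:00:05.000000 2024] [core:info] [pid 1234] '
       '[client 192.0.2.5:40000] AH00128: File does not exist: /var/www/html/x']
)


if __name__ == "__main__":
    for pw in ("abc!de", "abcdef", "ab!c"):
        print(f"{pw!r:10} meets policy: {password_meets_policy(pw)}")
    print("failures per IP:", dict(count_failures(SAMPLE_LOG)))
    print("ban:", ips_to_ban(SAMPLE_LOG))
```

The page says "more than 5" tries, so the comparison is strict (`n > threshold`); if the fail2ban jail is configured with `maxretry = 5` it bans on the fifth failure, so pick the value you actually want and match both.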

Typical Roles for My Member Software

Applicant

An applicant is someone who wants to register for membership. In most cases this person does not have an existing Joomla account, is therefore not logged in, and acts under the Joomla user group Guest.

Make sure you set up a form for this user group.

In order for an applicant to register, this user group needs some ACL authorisation too:

  • Right to change password

Member

Board

Administrator

Formerly Predefined Roles

(* done) = ported to the ACL system

Roles and their access are now dynamically created during setup.

Admin

User does not have to have an MMA profile.

  • Can do nothing?

(could update the role Secretary but nothing more; this may have disappeared in the course of time)

Aspirant

  • person who has a Joomla profile and filled in a registration form which has not yet been approved
  • Has no further rights

Afdelingsbestuur

User does not have to have an MMA profile.

  • Has the right to update his MMA Profile.
  • Has the right to update profiles of MMA members in the same department
  • Has the right to run reports of MMA members in the same department (* done)
  • Does not have the right to export financial fields in reports (* done)
  • Does have the right to validate/activate the mandate of other members (* done)
  • Does have the right to decline the mandate
  • Access to Ideal gateway

Secretariaat

A person with a Joomla account; does not need to have an MMA profile

  • has access to decline the mandate of other members (*done)
  • has access to approve the mandate of other members (*done)
  • has access to view the mandate of other members (* done)
  • has access to send the mandate of other members with email (* done)
  • has access to save MMA Profile even when not all required fields are entered (* done)
  • has access to view invoices (* done)
  • has access to create a credit note (* done)
  • has access to Ideal gateway (* done)
  • has access to assign all payment methods, even disabled ones (* done)
  • has access to events

Controleur

A person with a Joomla account; does not need to have an MMA profile

  • has access to view all members data
  • has access to view invoices of all members

Lid

A member does not need a Joomla account to be a member, but does need a Joomla account in order to maintain his own profile.

User needs to have an MMA Profile

  • has access to update his MMA Profile.
  • has access to Ideal gateway
  • has access to view his invoices
  • has access to events

Gepensioneerd (deprecated)

Secretariaat HRM (deprecated)

ACL access actions already in MMA

Title | Description
Access : Member Administration Overview | Provides access to the administration view
Access : Edit member profile | Provides access to edit a member
Access : Overview new members | Provides access to view newly applied members
Access : Administrate my data | Provides access to edit your own profile
Access : Create new member | Provides access to create a new member
Access : Dashboard key figures | Provides access to the key figures reporting page
Access : Contribution | Provides access to the key contribution reporting page
Access : Send contribution notifications | Provides access to the send contributions page
Access : Export memberdata |
Access : Export active member data |
Access : Labels new members |
Access : Labels terminated members |
Access : Labels deceased members |
Access : Labels per department |
Access : Labels birthdays |
Access : Labels clubcard |
Access : Labels non email |
Access : Overview membership fees |
Access : Report mandates |
Allows a person to activate a mandate |
Allows a person to deactivate a mandate |
Send mandate PDFs by email |
Access : to download mandate pdf |
Editing : Create credit invoices |
Right to view invoices |
Right to mark invoices as paid |
Allow setting all payment methods |
Right to perform iDeal payments (requires jdidealgateway component) |
Right to export financial data |
Save : Saving member data |
Save : Save incomplete member data |
Delete : deleting of images |
The right to manage other groups |
The right to manage same groups |
Change rights of other members |