BADGER finance
http://community.badger-finance.org/forum/

Multi user system?
http://community.badger-finance.org/forum/viewtopic.php?f=19&t=302
Page 1 of 2

Author:  enikao [ Tue Oct 30, 2007 1:19 am ]
Post subject:  Multi user system?

BADGER 1 was strictly single user. Should we keep this or extend it?

Options:
  • Single user, as BADGER 1.
  • Single user, but use database table prefixes.
  • Multi user, no interaction: Multiple users should be possible, but they neither share information nor interact with each other.
  • Multi user, with interaction: Multiple users should be able to share data, e. g. categories, accounts etc. This implies a full-blown rights system.

Author:  holger [ Tue Oct 30, 2007 11:39 am ]
Post subject: 

i vote for multi user, no interaction.
multi-user has ben requested in the past and i can see the use.

i vote against interaction however. the reason is that on my day job i am currently working on a project where we are looking at a huge (!) accouting system. the bigest problem there is the interaction between the different users/mandators. if SAP fails on doing this right, i strongly discourage us trying to do that.

Author:  xterm [ Tue Oct 30, 2007 2:52 pm ]
Post subject: 

I vote for "Multi user, with interaction". I use Badger for my home economy and me and my wife have both personal accounts and shared accounts (like mortage and service accounts). It would be nice if we could share those accounts.

Author:  holger [ Wed Oct 31, 2007 9:35 am ]
Post subject: 

xterm wrote:
I vote for "Multi user, with interaction". I use Badger for my home economy and me and my wife have both personal accounts and shared accounts (like mortage and service accounts). It would be nice if we could share those accounts.


i can see your point.
i am just not convinced it is worth the trade off of a full blown rights system.
enikao: what does a full-blown rights system mean? and why is that implied by interaction? another way to go (though a little unorthodox) would be that within each installation any user may do anything. that way we would allow for interaction as xterm described (Which i could use at home too) without having to code a milllions lines for rights management ?

Author:  sepp [ Wed Oct 31, 2007 10:48 am ]
Post subject: 

i think, if we implement a multi user system, we should keep it simple.

my suggestion is to have only different rights on an account basis.
"who can see/use this account?"

Author:  juergen [ Wed Oct 31, 2007 2:21 pm ]
Post subject: 

I vote for a default single-user system, but with module multi-user with option [interaction yes/no]

Jürgen

Author:  enikao [ Wed Oct 31, 2007 6:19 pm ]
Post subject: 

holger wrote:
enikao: what does a full-blown rights system mean? and why is that implied by interaction? another way to go (though a little unorthodox) would be that within each installation any user may do anything. that way we would allow for interaction as xterm described (Which i could use at home too) without having to code a milllions lines for rights management ?


With full-blown rights system I think of:
  • User Management (CRUD for users)
  • Rights Management (CRUD for rights)
  • At some point in the architecture, we need to make sure the user can access only the objects he/she is authorized to. This could either be done on database level (faster, but more complex) or in the business logic (may fetch loads of unnecessary data). This is the really tough part.


In general, we have to spend a lot of time in thinking of security measures at any level. On the other hand, this is a financial application and therefore attention should be paid to security in any case.

Another issue just came to my mind: Synchronization. If user A modifies some transaction, how is user B notified of this? This is not a trival task either.

If all users can do everything, we don't need a user system at all. Just use a password both you and your partner know, and you're done.

Author:  enikao [ Wed Oct 31, 2007 6:24 pm ]
Post subject: 

sepp wrote:
i think, if we implement a multi user system, we should keep it simple.

my suggestion is to have only different rights on an account basis.
"who can see/use this account?"


In my opinion, there are two principal choices (as listed above):
A: Secure at application-level (no interaction model)
B: Secure at object-level. (interaction model)

Which granularity we choose at object-level is not of that importance and can be decided later. In my personal opinion, I fully agree with Sepp that we don't need transaction-level security but account-level security would be sufficient.

Author:  enikao [ Wed Oct 31, 2007 6:27 pm ]
Post subject: 

juergen wrote:
I vote for a default single-user system, but with module multi-user with option [interaction yes/no]

Jürgen


I don't think we can modularize such a foundational decision. If we have a multi-user system, all the additional efforts a single user has is entering a user name in addition to a password on login, and even this may be a configuration option.

Author:  enikao [ Wed Oct 31, 2007 6:29 pm ]
Post subject: 

Personally, I think a real multi-user system with interaction would be the best way. At the moment, I'm just not convinced the (possibly large) additional effort is worth the gain. Although designing such a system would be an interesting challenge ...

Author:  holger [ Wed Oct 31, 2007 6:46 pm ]
Post subject: 

enikao wrote:
(CRUD for users)


short suggestion: not everyone discussing here with us has a computer science degree and knows what "crud" means or what tagging entails.

Author:  enikao [ Wed Oct 31, 2007 6:50 pm ]
Post subject: 

holger wrote:
enikao wrote:
(CRUD for users)


short suggestion: not everyone discussing here with us has a computer science degree and knows what "crud" means or what tagging entails.


You're right.

CRUD means "Create, Read, Update, Delete" and is in very general terms everything you can do with (database) data. In practice, this means you need a form and accompanying logic for creating new users, read and display user data from the database, changing user details and deleting users (or rights, or whatever else).

Author:  brosky [ Thu Nov 08, 2007 10:04 am ]
Post subject:  multi user, with limited interaction

Hi,

I plan to install badger, to keep track of some expenses, and badger being as a single user enviroment is quite a drawback...

What do I mean with limited interaction? I mean, to be predefined categories, and at a global statistic menu,
user can see how much other people expense o a specific timeslice for food, car maintenance, kid's expenses, etc...

Like, if I spend 100 EUR / month for food, i'm curios to see how much other people spend for food, car, etc...

Just my to cents :)

Author:  tradeher [ Fri Nov 09, 2007 7:51 pm ]
Post subject:  multi user no interaction

I personally do not want anyone to have access to my personal financial information. If I were to agree to share an account with someone, I would want their transactions to be seperate from mine or have some sort of CVS type system that would allow joint users to rollback to a previously reconciled state.

I like the idea of multi user because it keeps the amount of file space required to store the scripts to a minimum and simplifies the script modification/updating process.

The one thing that I might want to share are categories or tags, with each user having the option to include categories/tags created by other users.

Vielen Dank für alle Sie Bemühungen auf diesem Projekt
Thank you for all your efforts on this project.

Author:  brosky [ Wed Nov 14, 2007 3:49 pm ]
Post subject:  Re: multi user no interaction

tradeher wrote:
I personally do not want anyone to have access to my personal financial information. If I were to agree to share an account with someone...


The ideea is to share the data without sharing the user info...

Example:

Total expenses for [category] in [time_period]
[Sub_Category1] = 1334 EUR [13.65% more than last month]
[Sub_Category2] = 860 EUR [5.23% less than last month]
[Sub_Category3] = 120 EUR [same as last month]


All this in a chart_pie or chart_doublebar, will look nice:)

I know that people are very "hush-hush" about their finance, but sharing in a private enviroment, and with no personal data, will not hurt anyone, and the main problem i think is, if the user enters valid information, like, If i spend 100 EUR on food / month, i will write on the badger-finance site, that i spent 150 EUR...

I'm sooooo looking forward for version 2 ...

Page 1 of 2 All times are UTC + 1 hour [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/