[OGo-Users] sharing contact attributes only between given users
Adam Tauno Williams
users@opengroupware.org
Thu, 10 Apr 2008 09:35:57 -0400
> >> Technically we could map the codes to arbitrary field removals.
> > I don't really get the meaning of the last sentence.
> What the flags do is clear out fields the user has no access to. E.g. if
> he does not have the 'M' permission, we would reset the
> '03_tel_mobile' field to nil after the fetch.
Interesting. And I assume on a write/put those fields are dropped out
as well?
For some regulatory compliance [that mandates data hiding] we've had to
implement some kludges to get similar behavior. We use an encrypted
blob in an object property, and if the user has access to the key the
blob decrypts for display - but they aren't accessing the data via
WebUI. This makes the data encrypted on-disk and thus in-backup, the
latter is also required for compliance. I suppose there is no way to
support such a thing in the mainline - the whole key acquisition issue.
> Which fields require which permissions could be a default, eg:
> {
> M = ( 03_tel_mobile, other-attr );
> P = ( 01_tel, 10_fax );
> }
> etc
> > However, does the java port work on the same database layout as OGo
> > does now?
> Of course.
> > Or are the changes to the database schema, that you are planning
> > maybe some enhancements from the ogo java port?
> There are a few schema enhancements, they don't hurt the ObjC part.
> The mentioned permission stuff does not require any schema changes at
> all.
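
The field-clearing scheme discussed in this message, as an added Python example that is not part of the original e-mail and is not OpenGroupware.org code. The code-to-field map is the default proposed in the thread; the function names, the sample record and the write-side behaviour (submitted values for hidden fields are ignored) are assumptions.

```python
# Added illustration; not OpenGroupware.org code. The map copies the default
# proposed in the thread; function names and the sample record are constructed.
FIELD_PERMISSIONS = {
    "M": ("03_tel_mobile", "other-attr"),
    "P": ("01_tel", "10_fax"),
}


def protected_fields(granted):
    """Return the fields guarded by permission codes the user does NOT hold."""
    hidden = set()
    for code, fields in FIELD_PERMISSIONS.items():
        if code not in granted:
            hidden.update(fields)
    return hidden


def mask_after_fetch(record, granted):
    """Read path: reset every field the user may not see to None (nil)."""
    hidden = protected_fields(granted)
    return {k: (None if k in hidden else v) for k, v in record.items()}


def apply_write(stored, submitted, granted):
    """Write path (assumed behaviour): ignore submitted values for hidden fields.

    Without this, a client that fetched a masked record and saved it back
    would overwrite the stored value with the None it was shown.
    """
    hidden = protected_fields(granted)
    merged = dict(stored)
    dropped = []
    for key, value in submitted.items():
        if key in hidden:
            dropped.append(key)      # keep the stored value, note the attempt
        else:
            merged[key] = value
    return merged, sorted(dropped)


if __name__ == "__main__":
    stored = {"name": "Example Person", "01_tel": "555-0100",
              "03_tel_mobile": "555-0199", "10_fax": "555-0101"}
    view = mask_after_fetch(stored, {"P"})   # user holds P but not M
    view["01_tel"] = "555-0123"              # legitimate edit of a visible field
    saved, dropped = apply_write(stored, view, {"P"})
    print(view, saved, dropped, sep="\n")
```

The list of dropped field names is returned so a caller can log write attempts against fields the user could not see.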