[Christian Kuelker]
> Petter Reinholdtsen wrote:
> >What kind of admin roles should we provide out of the box in Debian
> >Edu/Squeeze?
>
> I suggest:
> admin or admins
> jradmin or jradmins
> teacher or teachers
> student* or students*

When I wrote admin roles, I meant different sets of privileges that
could be assigned to users. Which privilege differences would jradmin,
teacher and student have? I would expect students and teachers to have
no privileges, and the teachers in need of privileges to be added to
an admin or jradmin group.

As for singular vs. plural, as we already have a user named admin, I
believe it is a good idea to make sure the group has a different name
and thus find it better to name it admins. :)

> additionally we could think of (lazy - omit plural):
>
> professor
> pupil*
> assistant
> tutor
> lecturer
> examinee

What privilege sets would these entitle? These sound like generic
groups, and not something that should give admin privileges. I would
expect a professor in need of admin rights could be added to the admin
or jradmin group to get the required privileges instead of giving some
privileges to a professor group.

> So this is the same as super-admin LDAP user?

Not quite sure.

> No subtree for Admins?

Nope. Admins could be stored in the root.

> Why two different kinds of role assignment methods?

Not sure.

> > Gosa jradmin role
> >
> > Entities with this role can modify some attributes of user and
> > group objects.
>
> How is this implemented?

Gosa reads LDAP objects for the roles and they are referred to in the
gosadepartment subtree top object stating which roles have access to
the subtree.

> I do not know the actual implementation with GOSA, please correct me
> if my following guesses are wrong.

Do not know Gosa enough to say, so I leave that to someone who
understands it better.

Happy hacking,
--
Petter Reinholdtsen

