On sobota 7. října 2017 3:08:45 CEST Charlie Baum wrote: > Trying to see if Foreman can handle a multi-tenancy model and I believe it > can or its close except I can't see/find where to associate a user group > with an organization. Under the organization menu, there is only Users, > not User Groups. Am I missing somewhere to do that?
You're right. While it make sense to introduce Orgs and Locs to user groups, it's not that trivial. Since user group can have roles, what would happen if user is assigned in org A but he belongs to user group which is assigned to org A and B? Let's say the user group role contains permissions to view domains. Should user be able to see domains only from org A or also from org B? Should users from org B with view users permission see this user? Should they see him when they edit this user group? Should nested user groups inherit orgs/locs? The simplest way to implement it that I see is just inheriting roles from all user groups, not inheriting any org/loc. Org assigned to user group would only be used to hide them from other orgs. No org/loc inheritance in user groups nesting. We'd need to add validations so all user groups of user are at least in one shared organization and location. The same validation should be there when setting parent user group. I think it's definitely worth of raising RFE issue in our redmine -- Marek -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
