On 5/15/2015 7:03 PM, Richard Hipp wrote:
> ....
> The login-group feature gives you single sign-in.
>
> Suppose you have multiple customers, some of whom have access to A and
> others B and others C and some to combinations of these three:
>
> Alice:  A
> Bob:   B
> Cindy:  C
> David:  A and B
> Elly: B and C
> Fred: A and C
> Grace: A, B, and C.
>
> ....
>
> Whether or not an individual can access a repository depends on
> whether or not they have a username in that repository.  When you, the
> administrator, add a new user, you have the option of adding them to
> the single repository you are working in, or all repositories in the
> login group.  Likewise when you change access permissions for a user,
> you can change it for that one repository or for them all.  But if you
> are setting up Elly's account, for example, you'd have to go in and
> give her access to B and C separately.  Once you the admin set her up
> on both systems, she can log in to either one.  But you have to set
> them both up to begin with.

That explains at least half of my confusion. But I'm still slightly confused.

Imagine a user Hortense who in the course of history, had access to A and B, but before I realized that there should be a login group at all. So she has accounts in both repos, and likely has different passwords in those accounts.

I go and create the login group, with B logging in to A.

From what I'm seeing, Hortense will be able to log in to A as she always had, but will now have trouble with B.

But when I simply add her to C, she has access. But since I didn't fill in the password box on C when creating her user, she can't start her day by logging in to C. But logging in to A does do the full single sign on, and grants her access to C.


> Here at SQLite.org (for which Fossil was written) we have several
> products for which we provide customer access:  SEE, CEROD, ZIPVFS,
> and TH3.  All of these are in a login-group.  When someone purchases
> access to the SEE source code, we create them an account on the SEE
> repository.  If they later also purchase access to CEROD (which
> happens a lot, actually) we just add their username to the CEROD
> repository.  We don't have to issue them a new password as they can
> log in to SEE first and then just click over to CEROD.  Or they can
> change their SEE password and the new password will apply to both SEE
> and CEROD.  And because they do not have accounts on ZIPVFS and TH3,
> they cannot get access to the products they have not paid for.

I'm absolutely certain it is working for you, and probably for everyone else. I know I'm still missing something obvious.

When I've teased it out, I will try to write some documentation about how to correctly retrofit a group of existing repositories that already have users and history into a login-group.

--
Ross Berteig                               r...@cheshireeng.com
Cheshire Engineering Corp.           http://www.CheshireEng.com/

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
