Lee-- I get it! The only difference between you and Hal is that he likes to have a permission called "canUseExecutiveBathroom" where you would just create a role of "ExecutiveBathroomUsers". No different, really. Phew! I was sure I was close; now I think I have gotten it. Just don't post any other revelations, or my bubble will burst!
David Huyck [EMAIL PROTECTED] ----- Original Message ----- From: "Lee Borkman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 04, 2002 3:31 PM Subject: Re: secure tag and permissions Thanks Jeff, I know that Hal favours a combination of Roles and Permissions. John is an Editor, with all that entails, plus John can use the Executive bathroom. I simply do that by having different *kinds* of Group. I have Managers, Staff, and ExecutiveBathroomUsers. The first of these might be called UserGroups (independent of applications), while the third is application-dependent, and is essentially a Role. To summarise, I have Groups that are independent of applications (eg, WebUnit, DesktopSupport, Women) and these get mapped to Groups that are *dependent* of particular applications (eg, Admin, Reader, Writer, Editor). These application-dependent Groups are called Roles. That's about it. As you say, it's an argument about nothing, Seinfeld -style. See ya, LeeBB ----- Original Message ----- From: Jeff Peters I was *really* hoping you were going to tell me something like that, Lee. ;> Yes, you and I are speaking the same language using different words. I don't believe in direct assignment of permissions to the user. I see it like this: Permissions are pointers to activities in the application. Roles are collections of permissions. Users may be assigned one or more roles. Now, the obvious objection to this approach is the case where the boss says, "I want Mary to be a Manager, but I want her to also be able to read everyone else's schedule." Reading all schedules is an Executive permission, but the boss doesn't want Mary to have all Executive permissions, just that one. This is (I believe) why Hal champions a combination of roles and individual permissions. (Correct me if I'm wrong, Hal.) Aristotle aside, I just think the design of roles should be one of the things included in the application design, right along with background colors and fonts. Using this approach, every user's needs should be represented by a role. ... ==^================================================================ This email was sent to: [email protected] EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
