Julian, Yes, thanks for posting issues, I just saw those today (and realized that i hadn't been getting email notifications). I will be working on them in the very near future.
On your inheritance question, first of all, that's a feature that didn't need to be implemented immediately to get it up and running. It wasn't high on the priority chain. Secondly, there are logical issues that revolve around inheritance, like how to query up the chain, which level takes precedence, etc. which can differ in each app. Wether or not one way is better than the other is up to the app and the developer. But basically, right now you have fine grained control over each group, and that is all that's needed for a getting-things-started ACL. You could always write in support for inheritance and contribute it ;) Jason On Tue, Oct 14, 2008 at 3:23 PM, Julian Davchev <[EMAIL PROTECTED]> wrote: > Hi, > Really nice work. I even posted some issues on it > http://code.google.com/p/zfsecurity/issues/list > My question though is how do you handle hierarchy acl. From what I see > you assign one user to serveral groups. And somehow based on that you > decide if (not)allowed some privilige. Is it not better to have groups > that are in hierarchy and have user just belong to single group. Of > course this will require extra interface where you define group > hierarchies. > > Could you please share some light on either approach and why you chose > this one. > > > Jason Eisenmenger wrote: > > Hello list, > > > > If anyone is interested, I've posted a screencast demonstrating the > > "drop-in" security module that I showed at the ZendCon UnCon last > > month. If you're in the market for an ACL system for your site, check > > it out: > > > > http://oss.jasoneisen.com/2008/10/14/security-module-screencast/ > > > > Jason > >
