>>Thus you can 'group' collections of users together in order to apply >>security constraints to those users. For example, you could create a constraint that granted view and >>customize access to all users in group 'A', but only view access to >>group 'B'
how to accomplish just that has been a source of constant confusion for me. At least in jetspeed 1.4 (which we are using here), I could not find a way to apply permissions to a group. The security browser / editor only allows granting "permissions" to "user", "role" and "owner" objects. No groups. Sometimes it feels like the whole "group" concept is not really used in jetspeed and it is just a leftover of the Turbine heritage. Please correct me if I am wrong. -----Original Message----- From: David Sean Taylor [mailto:[EMAIL PROTECTED] Sent: Monday, February 16, 2004 12:36 AM To: Jetspeed Users List Subject: Re: Security questions On Saturday, February 14, 2004, at 05:44 PM, Archana Turaga wrote: > Hi, > The following questions: > > 1. What is the purpose of groups in jetspeed? Just like Role-based > PSML is there group-based PSML? > Groups represent a collection of users much in the same way groups are used in operating systems. Thus you can 'group' collections of users together in order to apply security constraints to those users. For example, you could create a constraint that granted view and customize access to all users in group 'A', but only view access to group 'B' Try playing around with the Security Browser portlet to get a feel for how security constraints apply to groups, users and rules. Also take a look at the authorization (AccessControl) API in Jetspeed Security. There are APIs for granting and revoking roles to users, and for users joining and removing from groups. Also, there are APIs fro granting and revoking roles in the context of a group. This is because Jetspeed tries to be flexible in its security model. We support a user having different roles when they are in a different groups. A use case would be "Anne is the Project manager in Group A (which could be a project), but she is Chief Engineer in Group B (another project) Thus groups could abstractly represent "projects" or "domains", or just organizational groups. Speaking of organizations, in J2 we plan to support hierarchies of roles and groups. If you don't need roles inside of groups, we have the global group concept. The 'Jetspeed' is the global group, as reflected in the API. This gives the possibility of organizing your security model with disjoint (no) associations between roles and groups. > 2. What is really the meaning of owner-only security permission? > This means that only the owner is granted access to a resource. For example, a portlet on a page could be restricted to only the owner customizing the portlet. > 3. Is it possible to do Role-based PSML for a particular role? Suppose > i want to have a set of users under the Role "Operator" to have > role-based PSML and the users under "Admin" user-based PSML (if this > is a vaild term)? Yes, your scenario is possible. Jetspeed first looks under the user-based PSML, if it fails to find a PSML page for the user, it when then look under the (first) role. > > Trying to get these terms cleared so that i can come up with a clear > security model for a project. > > Thanks for your time and patience. > > Regards, > Archana > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- David Sean Taylor Bluesunrise Software [EMAIL PROTECTED] [office] +01 707 773-4646 [mobile] +01 707 529 9194 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
