Ron Parker wrote:
OK, I have been avoiding this, but I finally gave in to my compulsion. The
write up is great, but I absolutely cannot resist spell checking and a little
rewrite to simplify the wording.....
I attach my changes.
cat
SITEGROUPS
SiteGroups enables multiple virtual databases from Midgard's single mysql database.
When a user logs into a specific SiteGroup, the user is only able to read and write
data that belongs to the SiteGroup. SiteGroups:
* manages access privileges
* allows the use of one administrative interface for many users
* reduces the number of persistent database connections
EXAMPLE
Suppose there are 10 distinct user-level hosts in an installation. Two of these,
vmuc.com and vmucentertainment.com, are owned by Henry, but he has no connection with
any of the other 8. He must have access to administrative privileges for his two
hosts without allowing administrative access to any of the other hosts.
CONFIGURATION
To build a SiteGroup-aware Midgard installation, you must reconfigure and recompile
all the midgard packages. (This also applies when moveing from a SiteGroup-aware
Midgard to a nonSiteGroup installation.) To include SiteGroups, you must specify
"--with-sitegroups" when running configure for libmidgard. The configure will programs
for mod_midgard and midgard-php probe libmidgard to see if sitegroups are enabled and
respond accordingly.
Configuring libmidgard with SiteGroups adds columns and one table to the Midgard
database. Existing records have their SiteGroup field set to '0', so everything that
exists when you apply the patch is owned by SG0 (SiteGroup zero). Users who require
full access to the Midgard database must have their "member" and "person" records
specified within SiteGroup 0 (SG0).
Although SiteGroups is designed to be as transparent as possible, you must manually
install SiteGroups by issuing the mysql command:
INSERT INTO sitegroup (name) VALUES ('sitegroupname');[0]
In the example above, you would enable Henry's write permissions for vmuc.com by
creating the sitegroup "vmuc.com," adding henry as a user and modifying the vmuc.com
sitegroup to include him within its membership.[1]
USAGE
When logging into the Midgard administration site, the user is prompted to specifiy a
username@sitegroup. Either a SiteGroup name or 0 must be specified.
When Henry specifies [EMAIL PROTECTED], mysql queries the host sitegroup field to
determine which records he will see in the administration interface.
Only root users, members of SG0, can remain in SG0 while logged in. Any valid user can
still login to the Administration site; however, they will see the administration site
as if their sitegroup were the only one. They may read documents which are owned by
the SiteGroup they signed in under, and can only commit edits to the files they own.[4]
Creation of host records is limited to root users. To create a new host, log on as
admin@sitegroupname[3] and everything you build, including the host record, will
default to being part of that sitegroup.
Another SiteGroup feature is the administration groups -- these groups can be thought
of as an umbrella under which many hosts are managed. In our example, the hosts
vmuc.com and vmucentertainment.com are both under the care of the vmuc.com SiteGroup.
Consequently, when Henry logs in as [EMAIL PROTECTED] he's able to read and edit the
records for both of these sites.
Members of administration groups have unrestricted create and modify access to all
resources within their sitegroup. Root users are automatically admin users for every
SiteGroup. The admin group for a SiteGroup is specfied in the admingroup table. Both
the group and the person records must be in the sitegroup that they're admins for.
[ note from cat: I think a table of access and permissions here would be good, but I
don't want to do it in ASCII....]
<!--End Edits-->
[1]David Guerizec is currently writing an admin-site interface for SiteGroups. It
should be available for the Midgard 1.4beta release.
[2]How to add another host to the vmuc.com sitegroup. In our example, Henri needs
write privelages for vmuc.com and vmucentertainment.com.
[3]Does the username "admin" have any significance or is it an example?
[4]This seemed to be implied but I'm not sure if I've interpreted it correctly. Does
it mean that a SiteGroup could display files which a user doesn't have write
privelages for?
--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org
To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
