Sergio Gelato wrote: > * Jeffrey Altman [2009-10-30 13:20:12 -0400]: >> To address the use case properly there needs to be the ability to apply >> additional sets of ACLs controlled entirely by the administrator. >> Positive ACLs that give privileges that cannot be restricted and >> negative ACLs that restrict privileges that cannot be granted. These >> would have to be enforced by the file server at access time. This >> ensures that changes in group membership do not bypass the administrator >> set permissions. > > Even then, the devil lies in the details.
Certainly. I think any proposal is going to have to spend a significant amount of time working through the usability of the design. How do you provide the members of system:administrators functionality to protect their users from themselves while at the same time not confusing users to such an extent that you increase their frustration level with using AFS and increase the load on the help desk. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
