The new Turbine security DB has two relation tables:

* ROLE_PERMISSION: what permissions are in a role.
* USER_GROUP_ROLE: what roles a given user has as
  a member of a given group.

My gut tells me there could be one other relation
that might be useful:

* GROUP_ROLE: what roles a group has, and therefore,
  what roles any member of that group inherits.

The motivation for this would be: say you realize
your Administrators group now has to have the role
DB_Maintenance, which includes several permissions
to do DB maintenance. Right now, you would have to
issue an insert that would add multiple rows to
USER_GROUP_ROLE, one per each user of the Administrators
group; with GROUP_ROLE, you would only add one row.

I also see room for "inconsistencies", where
a given user in a group may have or lack roles that
other users in the same group lack or have (but this
may be so by design).

So, I guess the question behind all this is, what is
the rationale for USER_GROUP_ROLE? Would there be
room for GROUP_ROLE? Should one replace the other?

Thanks,
--
Gonzalo A. Diethelm
[EMAIL PROTECTED]
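
The two grant models compared in the message above, as an added example that is not part of the original post and is not Turbine's own code. The table names come from the message; the column names, the sample users and the rule that group membership means "has at least one USER_GROUP_ROLE row in that group" are assumptions.

```python
import sqlite3

# Constructed schema: table names follow the message; the column names and
# sample rows are assumptions, not Turbine's actual DDL.
SCHEMA = """
CREATE TABLE USER_GROUP_ROLE (user_name TEXT, group_name TEXT, role_name TEXT,
                              PRIMARY KEY (user_name, group_name, role_name));
CREATE TABLE GROUP_ROLE (group_name TEXT, role_name TEXT,
                         PRIMARY KEY (group_name, role_name));
"""
ADMINS = ["alice", "bob", "carol"]  # constructed sample users

def build():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO USER_GROUP_ROLE VALUES (?, 'Administrators', 'Admin')",
                   [(u,) for u in ADMINS])
    return db

def grant_per_user(db, group, role):
    """Per-user model: one USER_GROUP_ROLE row per current member of the group."""
    cur = db.execute(
        "INSERT OR IGNORE INTO USER_GROUP_ROLE "
        "SELECT DISTINCT user_name, group_name, ? FROM USER_GROUP_ROLE WHERE group_name = ?",
        (role, group))
    return cur.rowcount  # number of rows written

def grant_to_group(db, group, role):
    """Group model: a single GROUP_ROLE row inherited by every member."""
    return db.execute("INSERT OR IGNORE INTO GROUP_ROLE VALUES (?, ?)", (group, role)).rowcount

def effective_roles(db, user, group):
    """Direct grants plus roles inherited from the group, members only."""
    rows = db.execute(
        "SELECT role_name FROM USER_GROUP_ROLE WHERE user_name = ? AND group_name = ? "
        "UNION SELECT gr.role_name FROM GROUP_ROLE gr WHERE gr.group_name = ? AND EXISTS "
        "(SELECT 1 FROM USER_GROUP_ROLE WHERE user_name = ? AND group_name = gr.group_name)",
        (user, group, group, user))
    return sorted(r[0] for r in rows)

def uneven_grants(db, group):
    """Roles held by some members of the group but not all: {role: holder count}."""
    rows = db.execute(
        "SELECT role_name, COUNT(*) FROM USER_GROUP_ROLE WHERE group_name = ? "
        "GROUP BY role_name HAVING COUNT(*) < (SELECT COUNT(DISTINCT user_name) "
        "FROM USER_GROUP_ROLE WHERE group_name = ?)", (group, group))
    return dict(rows.fetchall())
```

With both tables present, `uneven_grants` is the audit query for the per-user exceptions: any role it returns is one that only some members of the group hold.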