I agree with the comments concerning the wording "Groups" in the security.
One is used to users being in groups that have permissions. Now we have
Groups/Roles and permissions. Perhaps the name of groups has to be clearly
defined and perhaps changed to something like projects or organisational
units???? And yes I have read the irc log concerning the security ;-)
Apart from the naming isue I see more and more similiar types of systems in
my line of work: ie
Org. Units contains Users, which have Roles, which contain sub Roles, which
have specific permissions.
In this case an Org. Unit has specific perm. that a user can inherit if made
a member of this group. The sub roles goes a bit too far for me but the
general idea of the roles/permissions is a good choice I believe.
The way I tried to explain it to colleagues (but perhaps I don't understand
it fully either :-0 ) is that what one usually thinks of in terms of groups
and permissions is now more Roles and permissions.
In my system I have two groups; local and global. User colin has the role
Admin in both local and global whereas User Jack has only the Admin role in
local. So far so good if the role in both groups are equal.
My problem begins when I want Admin role for Global to be slightly
different to Admin role in Local. Then if I understand it correctly there
should be two different Roles Admin_local & Admin_global.
Before you know it there are loads of roles :-(
I believe the security as is is a good basis but needs some touching up.
colin
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
