I have what I think is a simple and elegant idea for an enhancement to uPortal permissions implementation, one that's not original (Academus had something very much like this) but that I think could reduce the need for explicit configuration of permission grants to Portal Administrators.
https://issues.jasig.org/browse/UP-2803 My proposal is this: that, optionally, permissions be enhanced to allow configuration of a group that is opted-out from all permissions checks and is considered to have any permission. By default, Portal Administrators would be given this capability. The idea is that it would remain possible to grant permissions to other groups, and even to not grant them to Portal Administrators by configuring another or no group as the embued super-user group, but that by default in cases where the only permission grant is to Portal Administrators, no grant at all need be made, and in cases where there are interesting grants to be made (to students, or graduate students, or chemistry lab assistants) the explicit configuration focus on those interesting grants and not have to bother to say "oh, and portal administrators have this permission too". This would have an advantage of it no longer being possible to overlook granting permission to Portal Administrators to access some of the portlets in the out of the box configuration, as in UP-2797. Thoughts on this wisdom of this potential enhancement? Andrew -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev
