I'd like to add a new resource attribute for the resource group section of the
privileges that would be used to control access to mapping resources. As
things are now (using images/computers as an example), a user must have these
rights at a node with corresponding resource group attributes to control
image group to computer group mapping:

    resource: image group: manageGroup
    resource: computer group: manageGroup

However, this also grants the user access to control which images are in the
image group and to control which computers are in the computer group.

I'd like to add a new resource attribute that is called manageMapping that
would allow access to resource mapping to be controlled separately from
resource grouping. The benefit of this is that fewer computer groups can be
used. Currently, if you want someone to be able to create their own image
groups and map them to computer groups, then you have to create duplicate
computer groups if you want to make sure they don't have access to remove
computers from existing computer groups (which could end up making a computer
unavailable because it might not be in any computer groups).

Using this new attribute would make the above look like this:

    resource: image group: manageMapping
    resource: computer group: manageMapping

and would not result in the user being able to control which images were in
the image group and which computers were in the computer group.

I'd like to hear feedback from the community on this to see what others think.

North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
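
The separation proposed above, as an added example that is not part of the original message or of the project's code: a small Python model of the current and proposed checks. The Grants class, the function names and the group names my-images and lab-pcs are assumptions; only the attribute names manageGroup and manageMapping come from the message, and the example assumes a user who creates their own image group also holds manageGroup on it.

```python
# Added example: hypothetical model, not the project's implementation.
# Only the attribute names manageGroup / manageMapping come from the message.

class Grants:
    """Resource group attributes a user holds at a privilege node."""
    def __init__(self, attrs):
        # (resource type, group name) -> set of attribute names
        self.attrs = attrs

    def has(self, rtype, group, attr):
        return attr in self.attrs.get((rtype, group), set())

def can_edit_membership(grants, rtype, group):
    # Controlling which resources are in a group needs manageGroup in both models.
    return grants.has(rtype, group, "manageGroup")

def can_map(grants, image_group, computer_group, proposed):
    # Mapping needs the governing attribute on BOTH groups being mapped.
    attr = "manageMapping" if proposed else "manageGroup"
    return (grants.has("image", image_group, attr)
            and grants.has("computer", computer_group, attr))

def over_granted(grants, image_group, computer_group, proposed):
    """True when the right to map also carries control over computer-group
    membership (the side effect the message describes)."""
    return (can_map(grants, image_group, computer_group, proposed)
            and can_edit_membership(grants, "computer", computer_group))

# Constructed sample grants for one user who owns "my-images" and should
# only be able to map it onto the shared computer group "lab-pcs".
CURRENT = Grants({("image", "my-images"): {"manageGroup"},
                  ("computer", "lab-pcs"): {"manageGroup"}})
PROPOSED = Grants({("image", "my-images"): {"manageGroup", "manageMapping"},
                   ("computer", "lab-pcs"): {"manageMapping"}})
# Edge case: the attribute on one side only must not allow mapping.
ONE_SIDED = Grants({("image", "my-images"): {"manageMapping"}})

if __name__ == "__main__":
    for name, g, proposed in (("current", CURRENT, False),
                              ("proposed", PROPOSED, True),
                              ("one-sided", ONE_SIDED, True)):
        print(name,
              "map:", can_map(g, "my-images", "lab-pcs", proposed),
              "over-granted:", over_granted(g, "my-images", "lab-pcs", proposed))
```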