I think this is a great idea and would be a welcome change to VCL. I'm sure
we would use this for professors who want to manage their own groups and not
have full privileges.



On Thu, Nov 4, 2010 at 5:35 AM, Waldron, Michael H

> Josh,
> I like your idea. It's always good to be able to give out only as much
> privilege as necessary.
> Mike
> Mike Waldron
> Systems Specialist
> ITS Research Computing
> University of North Carolina at Chapel Hill
> CB 3420, ITS Manning, Rm 2509
> 919-962-9778
> -----Original Message-----
> From: Josh Thompson [mailto:josh_thomp...@ncsu.edu]
> Sent: Wednesday, November 03, 2010 1:59 PM
> To: vcl-dev@incubator.apache.org
> Subject: add manageMapping resource attribute to control resource mapping
> Hash: SHA1
> I'd like to add a new resource attribute for the resource group section of
> the
> privileges that would be used to control access to mapping resources.  As
> things are now (using images/computers as an example), a user must have
> these
> rights at a node with corresponding resource groups attributes to control
> image group to computer group mapping:
> user: imageAdmin
> resource: image group: manageGroup
> user: computerAdmin
> resource: computer group: manageGroup
> However, this also grants the user access to control which images are in
> the
> image group and to control which computers are in the computer group.
> I'd like to add a new resource attribute that is called manageMapping that
> would allow access to resource mapping to be controlled separately from
> resource grouping.  The benefit of this is that fewer computer groups can
> be
> used.  Currently, if you want someone to be able to create their own image
> groups and map them to computer groups, then you have to create duplicate
> computer groups if you want to make sure they don't have access to remove
> computers from existing computer groups (which could end up making a
> computer
> unavailable because it might not be in any computer groups).
> Using this new attribute would make the above look like this:
> user: imageAdmin
> resource: image group: manageMapping
> user: computerAdmin
> resource: computer group: manageMapping
> and would not result in the user being able to control which images were in
> the image group and which computers were in the computer group.
> I'd like to hear feedback from the community on this to see what others
> think.
> Thanks,
> Josh
> - --
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
> my GPG/PGP key can be found at pgp.mit.edu
> Version: GnuPG v2.0.16 (GNU/Linux)
> XOEAn3Mif3ZbzNAHHv7vqv52h8JiQsPx
> =5Ir8

Alex  Patterson
User Support Services
Operating System Analyst
California State University, East Bay

Reply via email to