I think this is a great idea and would be a welcome change to VCL. I'm sure we would use this for professors who want to manage their own groups and not have full privileges.
-Alex

+1

On Thu, Nov 4, 2010 at 5:35 AM, Waldron, Michael H <[email protected]> wrote:

> Josh,
>
> I like your idea. It's always good to be able to give out only as much
> privilege as necessary.
>
> Mike
>
> Mike Waldron
> Systems Specialist
> ITS Research Computing
> University of North Carolina at Chapel Hill
> CB 3420, ITS Manning, Rm 2509
> 919-962-9778
>
>
> -----Original Message-----
> From: Josh Thompson [mailto:[email protected]]
> Sent: Wednesday, November 03, 2010 1:59 PM
> To: [email protected]
> Subject: add manageMapping resource attribute to control resource mapping
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'd like to add a new resource attribute for the resource group section of
> the privileges that would be used to control access to mapping resources. As
> things are now (using images/computers as an example), a user must have these
> rights at a node with corresponding resource groups attributes to control
> image group to computer group mapping:
>
> user: imageAdmin
> resource: image group: manageGroup
> user: computerAdmin
> resource: computer group: manageGroup
>
> However, this also grants the user access to control which images are in the
> image group and to control which computers are in the computer group.
>
> I'd like to add a new resource attribute that is called manageMapping that
> would allow access to resource mapping to be controlled separately from
> resource grouping. The benefit of this is that fewer computer groups can be
> used. Currently, if you want someone to be able to create their own image
> groups and map them to computer groups, then you have to create duplicate
> computer groups if you want to make sure they don't have access to remove
> computers from existing computer groups (which could end up making a computer
> unavailable because it might not be in any computer groups).
>
> Using this new attribute would make the above look like this:
>
> user: imageAdmin
> resource: image group: manageMapping
> user: computerAdmin
> resource: computer group: manageMapping
>
> and would not result in the user being able to control which images were in
> the image group and which computers were in the computer group.
>
> I'd like to hear feedback from the community on this to see what others
> think.
>
> Thanks,
> Josh
> - --
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
>
> my GPG/PGP key can be found at pgp.mit.edu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
>
> iEYEARECAAYFAkzRovoACgkQV/LQcNdtPQMfSwCdEWoRgdlYeBN1RFs/84XE4FV0
> XOEAn3Mif3ZbzNAHHv7vqv52h8JiQsPx
> =5Ir8
> -----END PGP SIGNATURE-----
>

--
Thanks,
Alex Patterson
User Support Services
Operating System Analyst
California State University, East Bay
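
The separation proposed in the quoted message, sketched as an added example that is not part of the thread and is not VCL code. The privilege and attribute names come from the thread; the function names, group names and the `mixed` grant are hypothetical, constructed to show what rights come along with mapping under each scheme.

```python
# Toy model of the privilege check discussed in this thread (not VCL code).
# Function, variable and group names are hypothetical; data is constructed.
MAPPING_ATTR = {"current": "manageGroup", "proposed": "manageMapping"}

def has(grant, rtype, group, attr):
    """True if the user holds <rtype>Admin and the group carries attr at the node."""
    return (rtype + "Admin" in grant["user"]
            and attr in grant["groups"].get((rtype, group), set()))

def can_edit_membership(grant, rtype, group):
    # Adding or removing images/computers in a group is tied to manageGroup.
    return has(grant, rtype, group, "manageGroup")

def can_map(grant, image_group, computer_group, scheme):
    # Mapping needs the scheme's mapping attribute on both sides of the mapping.
    attr = MAPPING_ATTR[scheme]
    return (has(grant, "image", image_group, attr)
            and has(grant, "computer", computer_group, attr))

def effective_rights(grant, image_group, computer_group, scheme):
    """Everything the grant allows, to show what comes along with mapping."""
    rights = set()
    if can_map(grant, image_group, computer_group, scheme):
        rights.add("map")
    if can_edit_membership(grant, "image", image_group):
        rights.add("edit image group membership")
    if can_edit_membership(grant, "computer", computer_group):
        rights.add("edit computer group membership")
    return rights

# Constructed sample grants for one user at one privilege node.
USER = {"imageAdmin", "computerAdmin"}
IMG, COMP = ("image", "prof-images"), ("computer", "lab-computers")
today = {"user": USER,
         "groups": {IMG: {"manageGroup"}, COMP: {"manageGroup"}}}
proposed = {"user": USER,
            "groups": {IMG: {"manageMapping"}, COMP: {"manageMapping"}}}
mixed = {"user": USER,  # own image group, mapping-only on shared computers
         "groups": {IMG: {"manageGroup", "manageMapping"}, COMP: {"manageMapping"}}}

if __name__ == "__main__":
    for name, grant, scheme in [("today", today, "current"),
                                ("proposed", proposed, "proposed"),
                                ("mixed", mixed, "proposed")]:
        print(name, sorted(effective_rights(grant, *IMG[1:], *COMP[1:], scheme)))
```

The `mixed` grant corresponds to the case in the thread of someone who maintains their own image group and maps it to an existing computer group without being able to remove computers from that group.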
