On 9 Jan 2002 at 13:48, Stefano Mazzocchi wrote:

> Kimbro Staken wrote:
> >
> > > How can I perform access control at the node level without
> > > duplicating the information at the CMS level?
> >
> > Why do you need node level access control for a CMS? That seems
> > awfully fine grained control and it will be extremely complex to
> > administer and expensive to implement. It's basically like asking to
> > have column level access control for an RDBMS.
>
> I'm not saying that you have to fine tune your ACL for *every* node,
> but I'm saying that if you consider your nodes are the 'data atoms'
> you need to have access control at that level (think of file
> systems!).
>
Here's a real world example of where node level access control is very useful. Say you are implementing a document authoring / management system for a publisher of scientific articles. You want staff writers and editors to have access to the body of documents for tweaking the writing. But you want only your staff of domain and classification experts to have access to certain metadata sections that classify and correlate the documents to the proper scientific fields, topics, and specialized taxonomies which will be used by researchers for searching. Perhaps only senior editors should have access to change certain publication metadata. And only system administrators should be able to touch the document's unique identifier once it's been assigned.

As Stefano points out, you likely don't want to individually control every single node, but you want to be able to choose nodes or sections to control, similar to the defining of what in the document you want to index.

--
Eric Schwarzenbach
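
Added example, not part of the original message or of any XML:DB implementation: a sketch of section-level write control in which rules are attached only to chosen nodes and every other node inherits from its nearest controlled ancestor. The element names, role names and rule table are assumptions made up to mirror the publisher scenario above.

```python
import xml.etree.ElementTree as ET

# Constructed sample document; element names are assumptions for illustration.
DOC = """<article>
  <id>doc-0001</id>
  <publication><issue>12</issue></publication>
  <classification><field>physics</field><topic>optics</topic></classification>
  <body><section><para>Text</para></section></body>
</article>"""

# Write rules on chosen sections only (hypothetical role names). Nodes without
# a rule of their own inherit from the nearest ancestor that has one.
WRITE_ACL = {
    "/article/id": {"admin"},
    "/article/publication": {"senior_editor"},
    "/article/classification": {"classifier"},
    "/article/body": {"writer", "editor"},
}

def node_paths(root):
    """Yield the tag path of every element, e.g. /article/body/section.
    Paths carry no positional index, so same-named siblings share a rule."""
    stack = [("/" + root.tag, root)]
    while stack:
        path, el = stack.pop()
        yield path
        stack.extend((path + "/" + child.tag, child) for child in el)

def allowed_roles(path, acl=WRITE_ACL):
    """Roles from the most specific rule covering path; default deny."""
    while path:
        if path in acl:
            return acl[path]
        path = path.rsplit("/", 1)[0]  # walk up to the parent path
    return set()

def can_write(roles, path, acl=WRITE_ACL):
    """True if any of the caller's roles may modify the node at path."""
    return bool(set(roles) & allowed_roles(path, acl))

def writable_paths(roles, xml_text=DOC):
    """All node paths in the document that the given roles may modify."""
    root = ET.fromstring(xml_text)
    return sorted(p for p in node_paths(root) if can_write(roles, p))

if __name__ == "__main__":
    for role in ("writer", "classifier", "senior_editor", "admin"):
        print(role, writable_paths([role]))
```

Five rules cover the whole document here, and a node that no rule reaches (the root element in this sample) is denied to everyone rather than left open.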
