Re: [zfs-discuss] Proposal: delegated administration

[Bill La Forge]

I like to think of delegation as being a bit different than granting permision--in fact, as a special permission that may include counts. For example, you might delegate to a manager the ability to grant select permissions. You may want to limit the number of users the manager may grant these permissions to and perhaps allow that manager to further delegate one more degree removed to project managers. Delegation then has two counts associated with it--the total number of users to which a permission may be granted and the depth of delegation permitted (often 0). Very handy when working accross trust domains, as may be the case when a resource is for open source or involves multiple departments. Bill PERMISSION GRANTING zfs allow [-l] [-d] <"everyone"|user|group> <ability>[,<ability>...] \ ... zfs unallow <dataset> [-r] [-l] [-d] If we're going to use English words, it should be "allow" and "disallow". The problem with 'disallow' is that it implies precluding a behavior that would normally be allowed -- similar to allow/deny in ACLs. How about allow/revoke, or grant/revoke, or delegate/revoke? Jeff _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss