Menu
▾
▴
Re: [Exist-development] Proposal to change security design of groups
|
From: Dmitriy S. <sha...@gm...> - 2010-09-27 13:43:43
|
On Mon, Sep 27, 2010 at 5:27 PM, Adam Retter <ad...@ex...> wrote: > > We must think in different strategies: access grant or denied. Very > often, > > better to deny access than grant, so removing must be limited to group's > > managres only. > >> > >> 3) "User A" can also delete "Group 1" when he choose because he is the > >> owner of that group. Again this is a case of downgrading users rights. > > I disagree. If you own the group, then you can choose to the group as > you wish. However there could be the option of co-owners as suggested > by Chris Tomlinson - this is quite a common requirement in my > experience also. > I did commit on: >2) Any user can remove themselves from any group they choose - I >cannot think of a case where downgrading a users rights prevents a >security risk. This is the users right! I did mail before, we must agree on terms we going to use. 'owner' is quite good, but limited. My offer: group's 'manager' (can change members list & permissions for group, it can be 2 different roles ) & 'member' (use group's permissions). It simple to see that there can be person that can manage, but have no access for resources. -- Dmitriy Shabanov |
