Menu
▾
▴
Re: [Exist-development] Proposal to change security design of groups
|
From: Thomas W. <tho...@gm...> - 2010-09-28 08:42:30
|
On 27 September 2010 16:12, Adam Retter <ad...@ex...> wrote:
> >>2) Any user can remove themselves from any group they choose - I
> >>cannot think of a case where downgrading a users rights prevents a
> >>security risk. This is the users right!
> > I did mail before, we must agree on terms we going to use. 'owner' is
> quite
> > good, but limited. My offer: group's 'manager'
>
> Owner or manager really makes no difference to me. In English it would
> seem to me that 'owner' is the more accurate and succinct term.
>
> > (can change members list &
> > permissions for group, it can be 2 different roles ) & 'member' (use
> group's
> > permissions). It simple to see that there can be person that can manage,
> but
> > have no access for resources.
>
>
> I am not clear on why a group would have 'permissions'? Surely
> collections and resources have permissions in terms of owner and
> group, but not the group object itself.
Adam, I think Dmitriy is proposing a model where there is a clear separation
between being a member of a group and managing the group itself. I quite
like the idea and it takes care of a common case from the practice.
Example: An admin who manages the group of CEO users does not need to have
access to the confidential reports in a collection, available to the members
of this group.
When we discuss eXist security matters I think it is high time to start
looking at it from a slightly bigger perspective. Imagine a company of 1000
employees where to have one admin user that does it all is nor neither
possible nor practical . There will be teams of admins dealing with variety
of jobs across the teams and departments.
Thomas
>
> --
> Adam Retter
>
> eXist Developer
> { United Kingdom }
> ad...@ex...
> irc://irc.freenode.net/existdb
>
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> Exist-development mailing list
> Exi...@li...
> https://lists.sourceforge.net/lists/listinfo/exist-development
>
|
