From: icedlava <ice...@gm...> - 2013-12-09 17:15:11
E-Groupware or Joomla are not my preferred example for access. I prefer to have Roles managed quite separately to groups/users, which makes it easier/possible when trying to apply to real life situations.

User 'john' might be assigned to Branch Dispatch group. He might have role of 'Dispatch Clerk' which may have different access to roles of Dispatch Clerk that is in Main Dispatch Group.

Do we want to be so complex with access rights? What happens if a user might be allowed to be assigned to one or more roles or groups, and those roles/groups have different access rights for a specific function/action? What if a group or subgroup has different access to a user? Should the user inherit rights or be allowed to retain the rights specifically given to them? Which level is used/inherited? What is the one that takes precedence? Does 'No rights' override 'Read rights' - or 'All rights' override 'Read only' - which is the safer way to go? Should Read rights be inherited if the user has already been given 'no read rights'?

It could get very complex and hard to manage without clear rules in code.

I agree with Rafael that we need a way to implement whatever access rights we define, consistently across all 'scripts'. But this is not granular enough I think, just the same as we have now. We need more granularity in access levels - whether it be decided at Module, function, action, link level with some agreed defined access rights (create, modify, read, delete, config/admin?)

I also agree with Exson, that on top of all this there is a need for approval control for a process (config/admin level access?). This could be applied for example to the request/approval process I need for inventory transfers. But this is access rights at process level - as distinct to module/function/action level. Maybe in some cases the script/function we have might be able to equate roughly to process.

I see so far raised:

1. Roles, groups, users and their relationship
2. Granularity of access - module, function/script, action, link
3. Type of access - create, modify, read, delete, admin/config
4. Request/Approval for a process
5. Definitions and rules for all that might be decided to use above

Thanks for the opportunity to discuss,

On 10 Dec 2013, at 2:46, Rafael Chacón wrote:

> Hallo,
>
> My two cents:
>
> I have seen in other projects:
>
> 1. Group-access, sub-group-access, sub-sub-group-access --from general access to specific access--. The sub-groups inherit the attributes of groups; The sub-sub-groups inherit the attributes of sub-groups. It is a kind of pyramid of access rights. E.g. Joomla!
>
> 2. Group-access and individual-access --general access for groups, specific access for individuals--. The individuals inherit the attributes of the groups to which they belong. E.g. EGroupware.
>
> Personally, I like the EGroupware way.
>
> In both cases, I used the group-access as the Department attributes (general access rights for all the people who belong to a department).
>
> I think we could use the current structure, with little modifications, to adapt to any of them. What is critical is to distribute access-rights variables by all scripts, and then to fill an array of access rights.
>
> Regards, Rafael.
>
> 2013/12/5 ExsonQu <hex...@gm...>
>
>> *Hi, Jo,*
>>
>> You're right that we should have a convention for access control. And granularity is just one point of the discussion, another one is the approval control or approval processes management. I hope we can set a rule for that.
>>
>> Thanks and best regards!
>>
>> Exson
>>
>> --
>> View this message in context:
>> http://weberp-accounting.1478800.n4.nabble.com/Shall-we-find-a-another-regular-way-to-manage-authority-tp4657044p4657052.html
>> Sent from the web-ERP-developers mailing list archive at Nabble.com.
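The precedence questions raised in this thread (user versus group/role rights, whether 'No rights' overrides 'Read rights') can be pinned down in one resolver function. This is an added example, not part of the original messages and not webERP code; it assumes one possible policy (any explicit deny wins, no matching rule means denied), and the `Rule` type, `decide` function, resource paths and sample data are hypothetical.

```python
from dataclasses import dataclass

RIGHTS = {"create", "modify", "read", "delete", "admin"}  # access types listed in the thread

@dataclass(frozen=True)
class Rule:
    subject: tuple   # ("user", name) or ("role", group, role): a role is scoped to its group
    resource: str    # hypothetical module/function/action path, e.g. "inventory/transfer"
    right: str
    allow: bool      # False is an explicit deny ("no rights")

def subjects_for(user, memberships):
    """The user's own identity plus every (group, role) assignment they hold."""
    return {("user", user)} | {("role", g, r) for g, r in memberships.get(user, [])}

def decide(user, resource, right, rules, memberships):
    """Deny-overrides with default deny. Returns (allowed, rules that decided)."""
    if right not in RIGHTS:
        raise ValueError(f"unknown right: {right}")
    subjects = subjects_for(user, memberships)
    # A rule on "inventory" also covers "inventory/transfer" (inheritance down the path).
    matched = [r for r in rules
               if r.subject in subjects and r.right == right
               and (resource == r.resource or resource.startswith(r.resource + "/"))]
    denies = [r for r in matched if not r.allow]
    if denies:
        return False, denies       # an explicit deny wins at any level
    return bool(matched), matched  # no matching rule at all means denied

# Constructed sample data using the names from the message above.
MEMBERSHIPS = {
    "john": [("Branch Dispatch", "Dispatch Clerk")],
    "mary": [("Main Dispatch", "Dispatch Clerk"), ("Branch Dispatch", "Dispatch Clerk")],
    "ann": [("Main Dispatch", "Dispatch Clerk")],
}
MAIN = ("role", "Main Dispatch", "Dispatch Clerk")
BRANCH = ("role", "Branch Dispatch", "Dispatch Clerk")
RULES = [
    Rule(MAIN, "inventory", "read", True),
    Rule(MAIN, "inventory/transfer", "create", True),
    Rule(BRANCH, "inventory", "read", True),
    Rule(BRANCH, "inventory/transfer", "create", False),
    Rule(("user", "john"), "inventory/transfer", "create", True),
]
```

Returning the deciding rules alongside the verdict lets every script log why access was granted or refused, which is what makes conflicting assignments debuggable.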