[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [ 100483 ] User visibility and domain support
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [ 100483 ] User visibility and domain support |
Date: |
Fri, 06 Dec 2002 22:51:01 -0500 |
Support Request #100483, was updated on 2002-Feb-26 07:23
You can respond by visiting:
http://savannah.gnu.org/support/?func=detailsupport&support_id=100483&group_id=509
Category: Question
Status: Open
Priority: 5
Summary: User visibility and domain support
By: skwashd
Date: 2002-Dec-07 14:51
Logged In: YES
user_id=2480
Browser: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.1) Gecko/20020826
I have allocated this one to our ldap dev ... he will have a
look at it and get back to you on it.
----------------------------------------------------------------------
By: passionplay
Date: 2002-Dec-07 12:32
Logged In: NO
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Q312461)
Easy. When you log in, every single user that has an
account in the system is visible to every single other
user. Not only that, but you can tell what groups a user
belongs to, and because the original system uses membership
groups for role administration, belonging to a group
automatically determines the role the user has.
The patches I created have the following attributes:
a) Opaque groups where membership is not visible, so rights
can be assigned anonymously, so that users can't complain
that one user has a higher level of access than another.
b) All users can see each other in the directory. In my
patch, only users in common groups other than opaque groups
can see each other.
There really is no need for all users to know who is in the
Ops group.
And if users are from 2 separate domains on the same
machine, there is no need to have 2 separate databases.
Since membership visibility is governed by common
membership, if all users for each domain belong to a
particular group, then only those users that are in that
particular group can see each other.
Example:
Corporate system: Purchasing, Quality and Accounting.
Although each of these groups is part of the same
organization, they each have their own administration
protocols, and so they shouldn't necessarily be able to see
everyone in the contact database. Just those people they
should be able to get in touch with. Should there be a need
to email directly, they can do so, but not just at random.
Privileged system: Different users on a dating site in
different areas, romance, or just plain dating shouldn't be
able to see each other unless they belong to the right
community.
And so on and so forth.
The HR application, just assumes that everyone should be
visible. Period.
What if some users should remain privileged???
Am I shedding any light?
P.S. As far as domain support, how do you support multiple
domains in PHPGroupWare natively in the same database????
And if it's not in the same database, you DO realize you're
setting up a headache for maintenance now, right? :)
Thanks!!! :)
Shamim
----------------------------------------------------------------------
You can respond by visiting:
http://savannah.gnu.org/support/?func=detailsupport&support_id=100483&group_id=509