[Freeipa-devel] Help define the roles IPA has by default

David O'Brien davido at redhat.com
Fri Feb 11 00:25:57 UTC 2011 

Dmitri Pal wrote:
> On 02/10/2011 03:05 PM, Jakub Hrozek wrote:
>> On 02/10/2011 05:12 PM, Rob Crittenden wrote:
>>> But what other roles do we need? The mind boggles and rather than
>>> dictating what the initial ones will be I'm looking for some
>>> guidance/suggestions.
>>>
>>> thanks
>>>
>>> rob
>> I'm actually wondering if we need to define many default roles in the
>> upstream project. I'm thinking that every organization will have
>> different needs and different ways of role delegation anyway, so I
>> would rather make sure this feature is well documented with examples
>> and use cases.
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> 
> I think that a reasonble set of 3 -5 roles and documentation how to
> change them should be sufficient.
> 
I agree. On top of what Dmitri has already sent out, this thread is a 
really good continuation of documenting delegation, permissions, roles, 
etc., especially because this area is so different from v1. If we look 
at it from two perspectives, one being What does IPA need to function?, 
and the other being What do customers need?, then we can probably come 
up with a short list and provide some basic use cases, descriptions, and 
examples.

Dmitri's list of 5 is good, although I would suggest settling on a 
naming format, by which I mean rather than a combination of person-based 
and role-based names, use a consistent format. Security Architect & IPA 
Administrator are people (faiap), while Helpdesk is a department. 
Anyway, you get the idea.

We've already started with Name, Description, Goals; with a few use 
cases I can put together short sections with links to existing docs on 
how to use the relevant commands, or write them as needed.

cheers
-- 

David O'Brien
Red Hat Asia Pacific Pty Ltd
+61 7 3514 8189


"He who asks is a fool for five minutes, but he who does not ask remains 
a fool forever."
  ~ Chinese proverb

More information about the Freeipa-devel mailing list