[Freeipa-devel] Reorganization of Web UI navigation items

Martin Kosek mkosek at redhat.com
Mon Jun 30 07:21:56 UTC 2014 

On 06/27/2014 07:27 PM, Petr Vobornik wrote:
> On 2.6.2014 15:59, Petr Vobornik wrote:
>> Hi List,
>>
>> the purpose if this mail is to start a discussion about reorganization
>> of navigation items. Users are not fond of such change so we should come
>> up with a solution which would last for some time.
>>
>> Problem:
>> UX recommendation is that one menu level should contain maximum of 7
>> items. We have 10 items in Identity, 7 in Policy and 7 in IPA Server.
>> Basically we reached max. capacity of all 1st-level items.
>>
>> Solution:
>> Introduce new 1st-level items and redistribute 2nd-level items.
>>
> 
> It would be great to get this into 4.0, resuming the discussion. My proposal
> which takes into account various other proposals:
> 
> Identity (7)
>   - Users
>   - User Groups
>   - Hosts
>   - Host Groups
>   - Netgroups
>   - Services
>   - Automember
>     - User group rules
>     - Host group rules
> Policy (5)
>   - Host Based Access Control
>     - HBAC Rules
>     - HBAC Services
>     - HBAC Service Groups
>     - HBAC Test
>   - Sudo
>     - Sudo Rules
>     - Sudo Commands
>     - Sudo Command Groups
>   - SELinux User Maps
>   - Password Policies
>   - Kerberos Ticket Policy
> Authentication (3-4)
>   - Certificates
>   - (future) User Certificates
>   - OTP Tokens
>   - RADIUS Servers
> Network services (2-3)
>   - Automount
>   - DNS
>     - DNS Zones
>     - DNS Forward Zones
>     - DNS Global Configuration
>   - (future) Vault
> IPA Server (5-7)
>   - Role Based Access Control
>     - Roles
>     - Privileges
>     - Permissions
>     - Self Service Permissions
>     - Delegations
>   - ID Ranges
>   - Realm Domain
>   - (future) Replication Topology
>   - Trusts
>     - Trusts
>     - Global Trust Configuration
>   - (future) Views
>   - Configuration
> (future) Help
> - Docs
> - API
> - ...
> 
> Mostly it's a response to the last proposal:
> http://www.redhat.com/archives/freeipa-devel/2014-June/msg00107.html
> 
> You can check live version at: http://pvoborni.fedorapeople.org/ui/
> 
> From the earlier discussion I would say, that there was an agreement on
> Identity and Policy tabs which are very similar to current implementation.
> 
> Simo had a proposal to introduce "Authentication" tab in a future. I guess we
> can do it now. We already have radius server proxies and certificates are also
> related. It will solve the "OTP doesn't fit anywhere problem"
> 
> I've kept the "Network Services" tab because IDK where to put DNS and Automount :)
> 
> Simo's 'Directory' and 'Configuration' were merged into existing 'IPA server'
> with the difference that all RBAC related stuff is under one item (this option
> was mentioned by Petr3). Btw RBAC === "Existing items in 'Directory'". The
> label is 'IPA Server' because almost everything is related to configuration of
> the server itself maybe with exception of Trust and Views. Label
> 'Configuration' is too general. Label Directory was quite low-level as pointed
> out by Dmitry.
> 
> This merge allows us to add 'Help' in a future.
> 
> It would be good to move something into "Network services" (and maybe rename
> it) since it has only two(three in future) items.

Thanks for returning to this effort. 4.0 is indeed the right place to do this
change.

Note that with this proposal, Identity tab is already full. I would still
prefer my original proposal to split Users and Hosts operations + have
Infrastructure/Trusts tab (some variation of
http://www.redhat.com/archives/freeipa-devel/2014-June/msg00060.html), but
apparently this crowded Identity tab is what people want :) I would still
recommend running it by UX.

Few comments:
- s/Network services/Network Services/
- Radius Proxy page returns an error, instead of 0 configured proxies

Martin

More information about the Freeipa-devel mailing list