[Freeipa-devel] Time-based account policies
Martin Kosek
mkosek at redhat.com
Thu Mar 26 16:03:33 UTC 2015
On 03/26/2015 04:57 PM, Jan Cholasta wrote:
> Dne 26.3.2015 v 16:47 Martin Kosek napsal(a):
>> On 03/26/2015 04:39 PM, Simo Sorce wrote:
>>> On Thu, 2015-03-26 at 16:35 +0100, Martin Kosek wrote:
>>>> On 03/26/2015 04:26 PM, Jan Cholasta wrote:
>>>
>>> [...]
>>>>> I don't see any point in storing time zone in the host object, if it's not
>>>>> used
>>>>> for anything meaningful and has to be manually synchronized with the host's
>>>>> actual configured time zone.
>>>>
>>>> It would be mostly used for aiding the HBAC rule creation process, i.e. for
>>>> the
>>>> UX. It would be optional. If you do not fill it, you would have to always
>>>> select the right time zone in when setting the UTC HBAC time,
>>>>
>>>> If you fill the zone, UI could already select the right time zone for you.
>>>
>>>
>>> It will only help to do mistakes, how does the host object get to know
>>> what is the host's timezone ? And in any case you generally create HBAC
>>> rules using groups of hosts, what is the UI gonna do ? Crawl all the
>>> hosts in a group and then ? Average add the most common time zone ?
>>
>> Search hosts, gather all time zones and list them as choices or simply warn
>> that there are more time zones and Local Time based rule is preferred? :-)
>>
>>> Drop it please :)
>>
>> If there is no one interested in it, we can drop it. Such UX improvement can
>> also be added later, if there is a need.
>
> If we want to improve the UX by babysitting the administrator based on random
> guesses, we might as well add Clippy to IPA:
>
> __
> / \ _____________
> | | / \
> @ @ | It looks |
> || || | like you |
> || || <--| are setting |
> |\_/| | time zone |
> \___/ \_____________/
>
>
> ;-)
>
:-D
I see your point. Just note that what seems as neeedless babysitting from your
(or other) POV may be a very useful UX for the real world user. But in this
case we can wait until we hear from that real world user that he struggles with
the potential time based rules UI.
More information about the Freeipa-devel
mailing list