[Freeipa-devel] Reorganization of Web UI navigation items

Martin Kosek mkosek at redhat.com
Wed Jun 4 06:34:55 UTC 2014 

On 06/03/2014 11:16 PM, Dmitri Pal wrote:
> On 06/03/2014 04:29 AM, Petr Spacek wrote:
>> On 3.6.2014 09:54, Martin Kosek wrote:
>>> On 06/02/2014 03:59 PM, Petr Vobornik wrote:
>>>> Hi List,
>>>>
>>>> the purpose if this mail is to start a discussion about reorganization of
>>>> navigation items. Users are not fond of such change so we should come up
>>>> with a
>>>> solution which would last for some time.
>>>>
>>>> Problem:
>>>> UX recommendation is that one menu level should contain maximum of 7 items. We
>>>> have 10 items in Identity, 7 in Policy and 7 in IPA Server. Basically we
>>>> reached max. capacity of all 1st-level items.
>>>>
>>>> Solution:
>>>> Introduce new 1st-level items and redistribute 2nd-level items.
>>>>
>>>> Initial Draft:
>>>>
>>>> Identity (6)
>>>> - Users
>>>> - Groups
>>>> - Hosts
>>>> - Hostgroups
>>>> - Netgroups
>>>> - Services
>>>
>>> ok, though I have different division in mind.
>>>
>>>> Policy (5)  some better name?
>>>> - HBAC
>>>> - SUDO
>>>> - Automount
>>>> - Automember
>>>> - SELinux User Maps
>>>
>>> I am not sure about Automount, SUDO and Automember as they are not so about
>>> policy related to users but rather about central storage for native Linux
>>> services - similarly to DNS.
>>>
>>>> Authentication (4)
>>>> - Radius Server Proxy
>>>> - OTP Tokens
>>>> - Password Policy
>>>> - Kerberos Ticket Policy
>>>
>>> Hm, "Policy" is indeed strange.
>>>
>>>> Infrastructure (6)  some better name?
>>>> - DNS
>>>> - Realm Domains
>>>> - Trust
>>>> - Views
>>>> - ID Ranges
>>>> - Certificates
>>>>
>>>> Permissions (3)
>>>> - Role Based Access Control
>>>> - Self Service Permissions
>>>> - Delegation
>>>>
>>>> Configuration (1)
>>>> - Global
>>>
>>> Let me twist your proposal a bit and come to it from different way, i.e.
>>> thinking about what admin wants to do. If he wants to set up a user, he should
>>> not need to go to 2 different top level items.
>>>
>>> Users
>>> - Users
>>> - Groups
>>> - OTP Tokens
>>> - Password Policy
>>> - Automember
>>>
>>> Hosts
>>> - Hosts
>>> - Host groups
>>> - Netgroups
>>> - HBAC
>>> - SELinux User Maps
> 
> User maps are more about users than hosts. No?

They are both about users and hosts. You set up what SELinux role you want for
a user on given host. Similarly to HBAC.

> 
>>>
>>> Services
>>> - Services
>>> - SUDO
>>> - Automount
> 
> I do not like "services" on two levels but I can't come up with an alternative.
>>>
>>> Trusts
>>> - (future) Views
>>> - Trust configuration
>>> - Trusts
> 
> Ad other trusts in future

+1

> 
>>>
>>> Infrastructure
>>> - Certificates
>>> - DNS
>>> - Realm Domains
>>> - Kerberos Ticket Policy
>>> - (future) Replication topology
>>>
>>> Configuration
>>> - Global
>>> - RBAC
> 
> Is it IPA access control?

Yes - i.e. menu not useful for someone besides FreeIPA security admin.

> 
>>> - ID Ranges
> 
> I suggest different slicing:
> 
> Configuration
>  - Global
>  - Access control
>  - Realm Domains
>  - Kerberos Ticket Policy
>  - ID ranges

Hmm, that makes sense.

> 
> 
> Infrastructure
> - (future) Replication topology
> - DNS
> - (future) Vault
> 
> I am not sure about Certificates.
> Is it about root CA? Can you point me to a feature page that corresponds to
> this feature?

http://www.freeipa.org/page/V3/Cert_find

It gives you all certificates issued by FreeIPA PKI. Subsystem certificates,
service certificates.

> 
> Should we have also:
> (future) Support
> - Documentation
> - Project Wiki
> - File issue here
> ...

Maybe, though there is now About-ish menu already, in the top bar. Let me come
up with new proposal based on your comments and on Adam Young's ideas elsewhere
in the thread.

Users
- Users
- Groups
- SUDO

Hosts
- Hosts
- Host groups
- Services
- Netgroups
- Automount

Authentication
- OTP Tokens
- Password Policy
- Kerberos Ticket Policy

Policy
- HBAC
- SELinux User Maps
- Automember

Trusts
- Trust configuration
- Trusts
- (future) Views

Infrastructure
- Certificates
- DNS
- (future) Replication topology
- (future) Vault

Configuration
- Global
- Access Control (RBAC)
- Realm Domains
- ID Ranges

Martin

More information about the Freeipa-devel mailing list