[Freeipa-devel] Reorganization of Web UI navigation items
Martin Kosek
mkosek at redhat.com
Wed Jun 4 06:34:55 UTC 2014
On 06/03/2014 11:16 PM, Dmitri Pal wrote:
> On 06/03/2014 04:29 AM, Petr Spacek wrote:
>> On 3.6.2014 09:54, Martin Kosek wrote:
>>> On 06/02/2014 03:59 PM, Petr Vobornik wrote:
>>>> Hi List,
>>>>
>>>> the purpose if this mail is to start a discussion about reorganization of
>>>> navigation items. Users are not fond of such change so we should come up
>>>> with a
>>>> solution which would last for some time.
>>>>
>>>> Problem:
>>>> UX recommendation is that one menu level should contain maximum of 7 items. We
>>>> have 10 items in Identity, 7 in Policy and 7 in IPA Server. Basically we
>>>> reached max. capacity of all 1st-level items.
>>>>
>>>> Solution:
>>>> Introduce new 1st-level items and redistribute 2nd-level items.
>>>>
>>>> Initial Draft:
>>>>
>>>> Identity (6)
>>>> - Users
>>>> - Groups
>>>> - Hosts
>>>> - Hostgroups
>>>> - Netgroups
>>>> - Services
>>>
>>> ok, though I have different division in mind.
>>>
>>>> Policy (5) some better name?
>>>> - HBAC
>>>> - SUDO
>>>> - Automount
>>>> - Automember
>>>> - SELinux User Maps
>>>
>>> I am not sure about Automount, SUDO and Automember as they are not so about
>>> policy related to users but rather about central storage for native Linux
>>> services - similarly to DNS.
>>>
>>>> Authentication (4)
>>>> - Radius Server Proxy
>>>> - OTP Tokens
>>>> - Password Policy
>>>> - Kerberos Ticket Policy
>>>
>>> Hm, "Policy" is indeed strange.
>>>
>>>> Infrastructure (6) some better name?
>>>> - DNS
>>>> - Realm Domains
>>>> - Trust
>>>> - Views
>>>> - ID Ranges
>>>> - Certificates
>>>>
>>>> Permissions (3)
>>>> - Role Based Access Control
>>>> - Self Service Permissions
>>>> - Delegation
>>>>
>>>> Configuration (1)
>>>> - Global
>>>
>>> Let me twist your proposal a bit and come to it from different way, i.e.
>>> thinking about what admin wants to do. If he wants to set up a user, he should
>>> not need to go to 2 different top level items.
>>>
>>> Users
>>> - Users
>>> - Groups
>>> - OTP Tokens
>>> - Password Policy
>>> - Automember
>>>
>>> Hosts
>>> - Hosts
>>> - Host groups
>>> - Netgroups
>>> - HBAC
>>> - SELinux User Maps
>
> User maps are more about users than hosts. No?
They are both about users and hosts. You set up what SELinux role you want for
a user on given host. Similarly to HBAC.
>
>>>
>>> Services
>>> - Services
>>> - SUDO
>>> - Automount
>
> I do not like "services" on two levels but I can't come up with an alternative.
>>>
>>> Trusts
>>> - (future) Views
>>> - Trust configuration
>>> - Trusts
>
> Ad other trusts in future
+1
>
>>>
>>> Infrastructure
>>> - Certificates
>>> - DNS
>>> - Realm Domains
>>> - Kerberos Ticket Policy
>>> - (future) Replication topology
>>>
>>> Configuration
>>> - Global
>>> - RBAC
>
> Is it IPA access control?
Yes - i.e. menu not useful for someone besides FreeIPA security admin.
>
>>> - ID Ranges
>
> I suggest different slicing:
>
> Configuration
> - Global
> - Access control
> - Realm Domains
> - Kerberos Ticket Policy
> - ID ranges
Hmm, that makes sense.
>
>
> Infrastructure
> - (future) Replication topology
> - DNS
> - (future) Vault
>
> I am not sure about Certificates.
> Is it about root CA? Can you point me to a feature page that corresponds to
> this feature?
http://www.freeipa.org/page/V3/Cert_find
It gives you all certificates issued by FreeIPA PKI. Subsystem certificates,
service certificates.
>
> Should we have also:
> (future) Support
> - Documentation
> - Project Wiki
> - File issue here
> ...
Maybe, though there is now About-ish menu already, in the top bar. Let me come
up with new proposal based on your comments and on Adam Young's ideas elsewhere
in the thread.
Users
- Users
- Groups
- SUDO
Hosts
- Hosts
- Host groups
- Services
- Netgroups
- Automount
Authentication
- OTP Tokens
- Password Policy
- Kerberos Ticket Policy
Policy
- HBAC
- SELinux User Maps
- Automember
Trusts
- Trust configuration
- Trusts
- (future) Views
Infrastructure
- Certificates
- DNS
- (future) Replication topology
- (future) Vault
Configuration
- Global
- Access Control (RBAC)
- Realm Domains
- ID Ranges
Martin
More information about the Freeipa-devel
mailing list