[katello-devel] Updated Permission matrix
Lukas Zapletal
lzap at redhat.com
Tue Jul 19 11:41:27 UTC 2011
On 07/18/2011 11:51 PM, Partha Aji wrote:
>> This was incorrect assumption. A user can be tied to (0..n)
>> > organizations using permissions (his own role). There will be no
>> > User-Org database relationship at all.
>> >
> I know the model allows it. But does the existence of such a user make sense ?
> I mean what can a user who is part of no org do?
It's more technical thing. User will be able to assign permissions to
other users to access their organizations. We still need to implement
organization access permission. Why to introduce explicit org-user
relationship and check it twice in the code (one time the explicit
relationship, second time the permission)?
It could work without this explicit relationship. I think this is the
idea, Bryan, is it?
> OR are you trying to say that Whoever has the authority to manage , as in the Creator
> of the user Foo can setup the "self role" of user Foo in such a way that Foo can access specific organizations ?
> In that case we would not want Foo be able to edit his own 'self-role' permissions right ???
I don't know what requirements are in this case. I would expect creators
to be able to do anything with "their" objects. Except deleting the
permission itself.
At the end of the day we should not allow users to modify their "own"
(self-role) permissions which have been created by the Katello itself.
We may need to flag them somehow as "system created permissions" and
disallow users to modify them.
--
Later,
Lukas Zapletal | E32E400A
RHN Satellite Engineering
Red Hat Czech s.r.o. Brno
More information about the katello-devel
mailing list