[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [ 100483 ] User visibility and domain support
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [ 100483 ] User visibility and domain support |
Date: |
Fri, 06 Dec 2002 20:32:04 -0500 |
Support Request #100483, was updated on 2002-Feb-25 15:23
You can respond by visiting:
http://savannah.gnu.org/support/?func=detailsupport&support_id=100483&group_id=509
Category: Question
Status: Open
Priority: 5
Summary: User visibility and domain support
By: passionplay
Date: 2002-Dec-06 20:32
Logged In: NO
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Q312461)
Easy. When you log in, every single user that has an
account in the system is visible to every single other
user. Not only that, but you can tell what groups a user
belongs to, and because the original system uses membership
groups for role administration, belonging to a group
automatically determines the role the user has.
The patches I created have the following attributes:
a) Opaque groups where membership is not visible, so rights
can be assigned anonymously, so that users can't complain
that one user has a higher level of access than another.
b) All users can see each other in the directory. In my
patch, only users in common groups other than opaque groups
can see each other.
There really is no need for all users to know who is in the
Ops group.
And if users are from 2 separate domains on the same
machine, there is no need to have 2 separate databases.
Since membership visibility is governed by common
membership, if all users for each domain belong to a
particular group, then only those users that are in that
particular group can see each other.
Example:
Corporate system: Purchasing, Quality and Accounting.
Although each of these groups is part of the same
organization, they each have their own administration
protocols, and so they shouldn't necessarily be able to see
everyone in the contact database. Just those people they
should be able to get in touch with. Should there be a need
to email directly, they can do so, but not just at random.
Privileged system: Different users on a dating site in
different areas, romance, or just plain dating shouldn't be
able to see each other unless they belong to the right
community.
And so on and so forth.
The HR application, just assumes that everyone should be
visible. Period.
What if some users should remain privileged???
Am I shedding any light?
P.S. As far as domain support, how do you support multiple
domains in PHPGroupWare natively in the same database????
And if it's not in the same database, you DO realize you're
setting up a headache for maintenance now, right? :)
Thanks!!! :)
Shamim
----------------------------------------------------------------------
By: passionplay
Date: 2002-Aug-30 06:20
Logged In: NO
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Q312461)
If you look in patch 434, I have created groups that allow
opaque membership, so that only transparent groups allow
you to see who else is in the group.
This allows for groups that assign 'roles' to not have to
broadcast their members to the users.
Most applications honor the groups and the memberships
therein.
The HR application on the other hand does not. It simply
shows you everyone in the system.
When PHPGroupware is set up for multiple domains, do you
need multiple databases to support the extra domains?
And how do you prevent users of one virtual domain from
seeing users in a different virtual domain?
One way would be to make the HR application honor the group
membership and to automatically make all users of a single
virtual domain, belong to a initially to a group with the
same name as their domain. when the account was created.
This group would be ONLY for HR group usage and those
people in the HR group would be visible to others in the
same group. Just like we have for the Time_Track facility.
P.S. How do I get patch 434 incorporated into the main
tree??
Thanks!!!
----------------------------------------------------------------------
You can respond by visiting:
http://savannah.gnu.org/support/?func=detailsupport&support_id=100483&group_id=509