[geeklog-devel] Restricted User Admin Feature

Tony Bibbs tony at tonybibbs.com
Fri Jun 4 11:40:37 EDT 2004


With that many users, don't they have some sort of local directory to 
use (e.g. LDAP, AD, Domino)?  If so, this might be a good time to look 
into splitting out authentication and authorization into a more modular 
state to allow for custom security systems.

--Tony

Blaine Lang wrote:

>Thinking about this a bit more -- I see it will be a bit more involved
>
>Restricted admin needs to be able to:
>  - Add, edit, delete users
>  - Need to be able to add/edit group membership
>  - Need to control groups that are listed or available to this restricted
>admin.
>  - Can't have them assign Root to a new user (doh!)
>
>The client has 8000+ users and 800 groups so I will be making some other
>admin and UI enhancements.
>
>I've yet to look at the code so I know there are likely more considerations
>that I've missed.
>
>Blaine
>
>----- Original Message ----- 
>From: "Blaine Lang" <geeklog at langfamily.ca>
>To: <geeklog-devel at lists.geeklog.net>
>Sent: Friday, June 04, 2004 10:10 AM
>Subject: Re: [geeklog-devel] Restricted User Admin Feature
>
>
>The "Restricted" admin would be able to admin any users that are in its
>group of controlled users.
>
>So team-admin has the "restricted_user_admin" feature and it's been assigned
>groups A and B.
>Any users in Groups A or B can not be administrated by the "team-admin"
>
>That's the concept -- I've not looked at the user admin code to see what
>issues I may have. I was thinking I would only need to make changes to this
>script such that the list of users would be filtered and additional logic to
>check for this restricted admin rights.
>
>This is easier if there is only one level of restricted admin but more
>involved if this supports multiple
>teamAdmin1 has admin over users in groups 1 2 and 3
>teamAdmin2 has admin over users in groups 5 6 and 7
>
>Blaine
>
>----- Original Message ----- 
>From: "Tony Bibbs" <tony at tonybibbs.com>
>To: <geeklog-devel at lists.geeklog.net>
>Sent: Friday, June 04, 2004 9:39 AM
>Subject: Re: [geeklog-devel] Restricted User Admin Feature
>
>
>How, exactly are they restricted?  I'm not totally understanding the
>concept.
>
>--Tony
>
>Blaine Lang wrote:
>
>>I have a client requesting a MOD to support a "Restricted User Admin" and I
>>know this is a GL feature that has been requested before.  Is there interest
>>in rolling this feature once completed and tested into GL?
>>
>>The easiest way is to create a new feature "RestrictedUserAdmin" and then
>>have a $_CONF parm that contained the user groups that anyone with this
>>feature had admin rights over.
>>
>>The second and more flexible would require a new table and a new admin
>>screen that would allow the Root to create any number of Restricted Admins
>>and assign user group ownership to.
>>
>>Optionally, the $_CONF parm could be an array that supported multiple number
>>of admins. I don't see it being a commonly used admin feature but one larger
>>site and corporate users are going to want.
>>
>>Please let me know if there is general interest or any preferred
>>implementation direction.
>>
>>Blaine
>>
>>
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
>
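
The scoping rules discussed in this thread (a restricted admin limited to its assigned groups, and never able to hand out Root), as an added example that is not part of the original messages and not Geeklog code. All function names, the group ids and the ROOT_GROUP value are assumptions made for illustration, as is the rule that a restricted admin may not edit an existing Root member.

```php
<?php
// Added illustration; every name here is hypothetical, not Geeklog's API.
const ROOT_GROUP = 1; // assumed id of the Root group

// Constructed sample data: restricted admin => group ids it controls.
$controlled = [
    'teamAdmin1' => [11, 12, 13],
    'teamAdmin2' => [15, 16, 17],
];

// May $admin edit or delete a user who belongs to $targetGroups?
function canAdminister(array $controlled, string $admin, array $targetGroups): bool
{
    $scope = $controlled[$admin] ?? [];          // unknown admin: empty scope
    if (in_array(ROOT_GROUP, $targetGroups, true)) {
        return false;                            // never touch a Root member
    }
    return count(array_intersect($targetGroups, $scope)) > 0;
}

// Reduce a submitted membership list to what $admin is allowed to grant.
// Enforced server-side on every save, not only when building the form.
function assignableGroups(array $controlled, string $admin, array $requested): array
{
    $scope = array_diff($controlled[$admin] ?? [], [ROOT_GROUP]);
    return array_values(array_intersect($requested, $scope));
}

// Membership edits must not drop groups outside the admin's scope.
function mergeMembership(array $controlled, string $admin, array $current, array $requested): array
{
    $scope   = $controlled[$admin] ?? [];
    $outside = array_diff($current, $scope);     // preserved untouched
    $granted = assignableGroups($controlled, $admin, $requested);
    $merged  = array_unique(array_merge($outside, $granted));
    sort($merged);
    return $merged;
}

var_dump(canAdminister($controlled, 'teamAdmin1', [12]));          // user in scope
var_dump(canAdminister($controlled, 'teamAdmin1', [16]));          // other team's user
var_dump(canAdminister($controlled, 'teamAdmin1', [12, 1]));       // Root member
print_r(assignableGroups($controlled, 'teamAdmin1', [1, 12, 16])); // tampered form post
print_r(mergeMembership($controlled, 'teamAdmin1', [12, 20], [13]));
```

Filtering the user list and the group picker in the UI is not sufficient on its own; the same checks have to run when the form is submitted, since the posted group ids can be altered.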


