[geeklog-devel] Restricted User Admin Feature
Tony Bibbs
tony at tonybibbs.com
Fri Jun 4 11:40:37 EDT 2004
With that many users, don't they have some sort of local directory to
use (e.g. LDAP, AD, Domino)? If so, this might be a good time to look
into splitting out authentication and authorization into a more modular
state to allow for custom security systems.
--Tony
Blaine Lang wrote:
>Thinking about this a bit more -- I see it will be a bit more involved
>
>Restricted admin needs to be able to:
> - Add, edit, delete users
> - Need to be able to add/edit group membership
> - Need to control groups that are listed or available to this restricted
>admin.
> - Can't have them assign Root to a new user (doh!)
>
>The client has 8000+ users and 800 groups so I will be making some other
>admin and UI enhancements.
>
>I've yet to look at the code so I know there are likely more considerations
>that I've missed.
>
>Blaine
>
>----- Original Message -----
>From: "Blaine Lang" <geeklog at langfamily.ca>
>To: <geeklog-devel at lists.geeklog.net>
>Sent: Friday, June 04, 2004 10:10 AM
>Subject: Re: [geeklog-devel] Restricted User Admin Feature
>
>
>The "Restricted" admin would be able to admin any users that are in its
>group of controlled users.
>
>So team-admin has the "restricted_user_admin" feature and it's been assigned
>groups A and B.
>Any users in Groups A or B can not be administrated by the "team-admin"
>
>That's the concept -- I've not looked at the user admin code to see what
>issues I may have. I was thinking I would only need to make changes to this
>script such that the list of users would be filtered and additional logic to
>check for this restricted admin rights.
>
>This is easier if there is only one level of restricted admin but more
>involved if this supports multiple
>teamAdmin1 has admin over users in groups 1 2 and 3
>teamAdmin2 has admin over users in groups 5 6 and 7
>
>Blaine
>
>----- Original Message -----
>From: "Tony Bibbs" <tony at tonybibbs.com>
>To: <geeklog-devel at lists.geeklog.net>
>Sent: Friday, June 04, 2004 9:39 AM
>Subject: Re: [geeklog-devel] Restricted User Admin Feature
>
>
>How, exactly are they restricted? I'm not totally understanding the
>concept.
>
>--Tony
>
>Blaine Lang wrote:
>
>>I have a client requesting a MOD to support a "Restricted User Admin" and I
>>know this is a GL feature that has been requested before. Is there interest
>>in rolling this feature once completed and tested into GL?
>>
>>The easiest way is to create a new feature "RestrictedUserAdmin" and then
>>have a $_CONF parm that contained the user groups that anyone with this
>>feature had admin rights over.
>>
>>The second and more flexible would require a new table and a new admin
>>screen that would allow the Root to create any number of Restricted Admins
>>and assign user group ownership to.
>>
>>Optionally, the $_CONF parm could be an array that supported multiple number
>>of admins. I don't see it being a commonly used admin feature but one larger
>>site and corporate users are going to want.
>>
>>Please let me know if there is general interest or any preferred
>>implementation direction.
>>
>>Blaine
>>
>>
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
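
The scoping rules discussed in this thread (a restricted admin manages only users in its assigned groups, is offered only those groups, and can never hand out Root), as an added example that is not part of the original messages or Geeklog's own code. The map, the function names and the sample data are hypothetical, and an empty current-group list is assumed to mean a new account.

```php
<?php
// Hypothetical map, in the spirit of the $_CONF array option: admin => groups it controls.
$restrictedAdmins = [
    'teamAdmin1' => ['1', '2', '3'],
    'teamAdmin2' => ['5', '6', '7'],
];
const PROTECTED_GROUPS = ['Root']; // never assignable by a restricted admin

// Groups this admin may list or assign; an unknown admin gets none (deny by default).
function assignableGroups(array $map, string $admin): array
{
    return array_values(array_diff($map[$admin] ?? [], PROTECTED_GROUPS));
}

// A target user is in scope only if it belongs to a controlled group
// and does not itself hold a protected group.
function canAdminUser(array $map, string $admin, array $targetGroups): bool
{
    if (array_intersect($targetGroups, PROTECTED_GROUPS)) {
        return false;
    }
    return (bool) array_intersect($targetGroups, assignableGroups($map, $admin));
}

// Server-side check of a submitted membership edit: every group added or removed
// must be assignable by this admin. Returns the new membership, or null if refused.
// Assumption: an empty $current means a new account being created.
function applyGroupEdit(array $map, string $admin, array $current, array $requested): ?array
{
    if ($current !== [] && !canAdminUser($map, $admin, $current)) {
        return null;
    }
    $changed = array_merge(array_diff($requested, $current), array_diff($current, $requested));
    if (array_diff($changed, assignableGroups($map, $admin))) {
        return null;
    }
    return array_values($requested);
}

// Constructed sample data: a user in group 2 (controlled by teamAdmin1) and group 9 (not).
$user = ['2', '9'];
var_dump(canAdminUser($restrictedAdmins, 'teamAdmin1', $user));
var_dump(canAdminUser($restrictedAdmins, 'teamAdmin2', $user));
var_dump(applyGroupEdit($restrictedAdmins, 'teamAdmin1', $user, ['3', '9']));      // swap group 2 for 3
var_dump(applyGroupEdit($restrictedAdmins, 'teamAdmin1', $user, ['2', '9', 'Root'])); // try to add Root
var_dump(applyGroupEdit($restrictedAdmins, 'teamAdmin1', [], ['1']));              // new account in group 1
```

Filtering the group list shown in the form is not enough on its own: the submitted group IDs have to be checked again on the server, which is what `applyGroupEdit` does.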