[Phpgroupware-tracker] [ 100483 ] User visibility and domain support

phpgroupware-tracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [ 100483 ] User visibility and domain support

From:	nobody
Subject:	[Phpgroupware-tracker] [ 100483 ] User visibility and domain support
Date:	Fri, 06 Dec 2002 22:51:01 -0500

Support Request #100483, was updated on 2002-Feb-26 07:23
You can respond by visiting: 
http://savannah.gnu.org/support/?func=detailsupport&support_id=100483&group_id=509

Category: Question
Status: Open
Priority: 5
Summary: User visibility and domain support

By: skwashd
Date: 2002-Dec-07 14:51
Logged In: YES 
user_id=2480
Browser: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.1) Gecko/20020826

I have allocated this one to our ldap dev ... he will have a
look at it and get back to you on it.

----------------------------------------------------------------------

By: passionplay
Date: 2002-Dec-07 12:32
Logged In: NO 
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Q312461)

Easy. When you log in, every single user that has an 
account in the system is visible to every single other 
user. Not only that, but you can tell what groups a user 
belongs to, and because the original system uses membership 
groups for role administration, belonging to a group 
automatically determines the role the user has.

The patches I created have the following attributes:

a) Opaque groups where membership is not visible, so rights 
can be assigned anonymously, so that users can't complain 
that one user has a higher level of access than another.

b) All users can see each other in the directory. In my 
patch, only users in common groups other than opaque groups 
can see each other.

There really is no need for all users to know who is in the 
Ops group.

And if users are from 2 separate domains on the same 
machine, there is no need to have 2 separate databases. 
Since membership visibility is governed by common 
membership, if all users for each domain belong to a 
particular group, then only those users that are in that 
particular group can see each other.

Example:

Corporate system: Purchasing, Quality and Accounting.
Although each of these groups is part of the same 
organization, they each have their own administration 
protocols, and so they shouldn't necessarily be able to see 
everyone in the contact database. Just those people they 
should be able to get in touch with. Should there be a need 
to email directly, they can do so, but not just at random.

Privileged system: Different users on a dating site in 
different areas, romance, or just plain dating shouldn't be 
able to see each other unless they belong to the right 
community.

And so on and so forth.

The HR application, just assumes that everyone should be 
visible. Period.

What if some users should remain privileged???

Am I shedding any light?

P.S. As far as domain support, how do you support multiple 
domains in PHPGroupWare natively in the same database????

And if it's not in the same database, you DO realize you're 
setting up a headache for maintenance now, right? :)

Thanks!!! :)

Shamim

----------------------------------------------------------------------
You can respond by visiting: 
http://savannah.gnu.org/support/?func=detailsupport&support_id=100483&group_id=509

[Prev in Thread]

Current Thread

[Next in Thread]

[Phpgroupware-tracker] [ 100483 ] User visibility and domain support, nobody, 2002/12/06
- [Phpgroupware-tracker] [ 100483 ] User visibility and domain support, nobody, 2002/12/06
- [Phpgroupware-tracker] [ 100483 ] User visibility and domain support, nobody <=

Prev by Date: [Phpgroupware-tracker] [ 101399 ] error message when I wish to install app
Next by Date: [Phpgroupware-tracker] [Patch #434] ACL Groups and email pagination changes
Previous by thread: [Phpgroupware-tracker] [ 100483 ] User visibility and domain support
Next by thread: [Phpgroupware-tracker] [ 100538 ] IMAP/E-Mail Support
Index(es):
- Date
- Thread