[Mapbender-dev] Motion to enhance the user/group model
Len Kne
knex0001 at umn.edu
Mon Jun 9 10:57:03 EDT 2008
Christoph
Ideally WMS and WFS should be "ownable" by a group, for ease of management
and for consistency throughout Mapbender. The changes needed to make this
happen are more substantial then the user/group/application changes in the
proposal.
Taking WMS for example, the field wms.wms_owner identifies the owner. That
user has write access to the WMS and read access is controlled by access to
an application - any user with access to an application with a WMS can read
that WMS. One solution would be to separate WMS access from the application
and control read/write access through a couple of tables (wms_mb_group &
wms_mb_user) like what is done with an application. There are benefits to
this approach (user level control to a WMS), but it separates service access
from the application, does this violate the Mapbender design? Another
option would be to put a WMS in a group whose members have management rights
- this seems backwards and somewhat confusing to me.
Any ideas from devs?
Thanks
Len
> -----Original Message-----
> From: mapbender_dev-bounces at lists.osgeo.org
> [mailto:mapbender_dev-bounces at lists.osgeo.org] On Behalf Of
> Christoph Baudson
> Sent: Monday, June 09, 2008 6:54 AM
> To: Mapbender Developer List
> Subject: Re: [Mapbender-dev] Motion to enhance the user/group model
>
> Hi Len
>
> before casting my vote I want to discuss one more thing. At
> the moment, only users can own WMS and WFS. Is that some kind
> of a problem? Do we want/need groups to own services?
>
> Beside this point I'm positive on your motion, as it only
> adds functionality. If you don't need the enhanced group
> model, you can stick with the old model.
>
> Thanks
>
> Christoph
>
> Len Kne schrieb:
> > Greetings
> >
> > After discussion at the last several IRC meetings, I motion to:
> >
> > 1. Add a table mb_group_mb_group
> >
> > 2. Allow groups to own applications/guis
> >
> > 3. Allow an owner of a group to administer members of that group
> >
> > Background
> >
> > The overall goal of this motion is to simplify the
> administration of
> > users, groups, and applications. Allowing groups to be members of
> > groups may reduce the number of groups needed in a Mapbender
> > installation. Allowing a group to "own" an application and
> owners of
> > a group to edit members will help Mapbender installations with
> > multiple administrators. Some more details for the three parts.
> >
> > 1. Adding the table mb_group_mb_group will allow groups to
> be members
> > of other groups. This will simplify "read" access to
> applications by
> > allowing a hierarchical structure of groups. The table
> will consist
> > of two columns, fkey_mb_group_id and
> fkey_mb_parent_group_id. Minor
> > changes will be needed in class_user to query the new table and
> > determine user application permissions. This change does
> not remove
> > or change any current functionality of the user/group model.
> >
> > 2. Most of the pieces needed for groups to own applications are
> > already in place, they just need to be enabled. Currently
> > gui_mb_group.mb_group_type is unused, but could perform the same
> > function as gui_mb_user.mb_user_type. The function
> getOwnerByGui in
> > class_administration already queries to
> gui_mb_group.mb_group_type to
> > assign application ownership, but most modules are
> currently not using
> > this class. As part of the administration module work this
> summer, I
> > propose to change the modules to use this administration
> class. The
> > only step left for groups to own applications is to create a simple
> > module for people to add the owner attribute to the table
> (similar to
> > mod_gui_owner). This change does not remove or change any current
> > functionality of the user/group model.
> >
> > 2a. Optionally, it may make sense to combine the functionality of 1
> > and 2 together. Currently class_user creates an array with what
> > applications a user has "read" access to and class_administration
> > creates an array of owners with "write" access. Combining
> these into
> > one function would produce an array with user access level to an
> > application (by including owner, they have write access).
> This could
> > allow for other levels of access ton an application in the future.
> >
> > 3. Currently users can only be edited by a single owner.
> This makes
> > it hard for Mapbender installations with multiple administrators to
> > manage users - for example an administrator may not be able
> to manage
> > a user that is using an application they manage because the
> user was
> > created by another admin. This change will create a class
> that will
> > allow an owner of a group to fully manage members (users and other
> > groups) of the group, including editing, creating, and
> deleting. This
> > way administrative functions could be distributed. No new
> tables or
> > fields (with the exception of the new table in 1) are
> needed for this
> > motion.
> >
> > 3a. This motion could have security implications for
> current Mapbender
> > installations depending on how groups are setup. It is therefore
> > recommended that a new variable be added to Mapbender.conf to allow
> > administrators to enable/disable this functionality.
> >
> > Link to previous discussion
> > http://lists.osgeo.org/pipermail/mapbender_dev/2008-June/001216.html
> >
> > Thanks
> >
> > Len
> >
> ----------------------------------------------------------------------
> > --
> >
> > _______________________________________________
> > Mapbender_dev mailing list
> > Mapbender_dev at lists.osgeo.org
> > http://lists.osgeo.org/mailman/listinfo/mapbender_dev
> >
>
>
> --
> _______________________________________
>
> W h e r e G r o u p GmbH & Co. KG
>
> Siemensstraße 8
> 53121 Bonn
> Germany
>
> Christoph Baudson
> Anwendungsentwickler
>
> Fon: +49 (0)228 / 90 90 38 - 15
> Fax: +49 (0)228 / 90 90 38 - 11
> christoph.baudson at wheregroup.com
> www.wheregroup.com
> Amtsgericht Bonn, HRA 6788
> _______________________________________
>
> Komplementärin:
> WhereGroup Verwaltungs GmbH
> vertreten durch:
> Arnulf Christl, Olaf Knopp, Peter Stamm
> _______________________________________
>
>
> _______________________________________________
> Mapbender_dev mailing list
> Mapbender_dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapbender_dev
>
More information about the Mapbender_dev
mailing list