Yes, the whole directory is arranged as a tree - which is an LDAP thing, not an NDS thing.

By the way, groups in NDS would be similar to Domains in Active Directory.

Also keep in mind that I'm not proposing that we change how the current permissions checking behaves. I'm only proposing a means of managing the existing permissions checking process outside of OFBiz.

Associating content permissions to a user based on the user's role within an organization would be handled best by the content component.

Regarding Bruno's comment - keep in mind that OFBiz users are not necessarily parties, and parties are not necessarily OFBiz users. A user would need to authenticate to the OFBiz framework, a party would not.

-Adrian

Al Byers wrote:
Adrian,

This really helps. I am starting to see what the API for the integrated
permission utility would be. "Trustee" relationship is the word for the
relationship between objects (in my case, content records) and party with
permissions. In the NDS scheme can trustee groups be hierarchically
arranged?

It seems like some things like Content records would not be appropriate for
the LDAP to manage and others, like ContactMechs, might blur the line of
what is appropriate.

In regards to Bruno's comments, I have not been keeping up with the
"framework only" project. Is it going to exclude Party? It seems like
permission checking would not be needed in an app that did not use Party.

-Al
