Our use case in general is:
We plan to allow users to openly log in (which creates their initial
account) to our app using a Google account, Google Apps domain account
or OpenID.

We plan to allow some users to be given "super-user" permissions for
the application instance. They in turn will be able to give other
users super-user permissions for a given area of the app.

How to start the process of allowing super-user permissions?
i.e. who is the first super-user, or the root user who starts that
process, but in a secure and controlled fashion (not just the first
person to log in!).

Our idea was to have the application deployer be detected on first
login to the application (via Google account, OpenID or other) via
their e-mail address and be given "first super-user" or "root"
permissions. They can then convert other users to super-users and
everything is off and running.

Just because a Google Apps Domain user is the admin for the domain
doesn't necessarily mean they should be able to admin any/all deployed
instances of the application in that domain....
Conversely, to allow someone to admin the app we'd prefer to NOT give
them admin permissions for the whole Google Apps Domain....
This made us look for alternatives to just checking if the user is an
admin using the Users API.

We want to have the app deployed on multiple different application
IDs, and on different Google App Domains, and to have control over who
is the "root" user on each independently, without hard-coding user
names and passwords into the code or config files, so that the same
"war" could be deployed to multiple appID/domains without change.

If there is another recommended way of doing this, or similar, then
we'd be interested to hear more about it (and especially see sample
code in Java :-) ).

thanks.
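
The bootstrap described in the post above, modelled as an added example (not part of the original message and not App Engine code): root can be claimed exactly once, only by the deployer's e-mail, and super-users can delegate only areas they already hold. Assumptions: the class and method names are hypothetical, the deployer's e-mail is supplied per deployment by some provisioning step outside the war, and the e-mail passed in is the one asserted by the identity provider.

```java
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicReference;

public class RootBootstrap {
    // Assumption: set per deployment outside the war (hypothetical provisioning step).
    private final String deployerEmail;
    private final AtomicReference<String> root = new AtomicReference<>();
    // e-mail -> areas in which that user is a super-user
    private final Map<String, Set<String>> areas = new ConcurrentHashMap<>();

    public RootBootstrap(String deployerEmail) { this.deployerEmail = norm(deployerEmail); }

    private static String norm(String email) { return email.trim().toLowerCase(Locale.ROOT); }

    // Call on each login with the e-mail asserted by the identity provider.
    // Root is claimed at most once, atomically, and only by the deployer.
    public boolean claimRootOnLogin(String verifiedEmail) {
        String e = norm(verifiedEmail);
        return e.equals(deployerEmail) && root.compareAndSet(null, e);
    }

    public boolean isRoot(String email) { return norm(email).equals(root.get()); }

    public boolean isSuperUser(String email, String area) {
        return isRoot(email)
            || areas.getOrDefault(norm(email), Collections.<String>emptySet()).contains(area);
    }

    // A grant succeeds only if the granter already holds that area (or is root).
    public boolean grant(String granter, String grantee, String area) {
        if (!isSuperUser(granter, area)) return false;
        areas.computeIfAbsent(norm(grantee), k -> ConcurrentHashMap.<String>newKeySet()).add(area);
        return true;
    }

    public static void main(String[] args) {
        RootBootstrap app = new RootBootstrap("deployer@example.com"); // constructed sample data
        System.out.println("first visitor claims root: " + app.claimRootOnLogin("early@example.com"));
        System.out.println("deployer claims root: " + app.claimRootOnLogin("Deployer@Example.com"));
        System.out.println("second claim: " + app.claimRootOnLogin("deployer@example.com"));
        System.out.println("root grants billing to bob: " + app.grant("deployer@example.com", "bob@example.com", "billing"));
        System.out.println("bob grants reports to eve: " + app.grant("bob@example.com", "eve@example.com", "reports"));
        System.out.println("bob grants billing to eve: " + app.grant("bob@example.com", "eve@example.com", "billing"));
    }
}
```

On App Engine the in-memory `AtomicReference` and map would have to be replaced by transactional datastore writes, since instances do not share memory.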
