> >
> > I don't think that is a good idea. Roles are associated with Users and
> > Users are associated with Profiles. If you want to know all of the
> > profiles for a given role, you should look at your Users to get that
> > information.
> >
> 
> Don't know if I follow that one.
> So if I create a profile for a user, and that user has a given role, then
> any other user who has that role would also be granted access to that
> user's profile?
>
> My intent in my original profile proposal was that any user who is granted
> a given role is also granted access to the profiles for that given role.
> The use-case was to share profiles (psml) by role -- i.e. psml pages for
> all accountants.
> 
I guess, by saying this, it is trying to change the semantics of Turbine's
user-group-role access control, where a role is always associated with a
user-group combination and is not a separate entity. So there can be
multiple profiles associated with the same role, through multiple groups. And
since a user can be in multiple groups, the one-to-many relationship between
user and profiles still holds. And as far as permissions go, since they
are defined on a per-role basis, we are just fine.

That being said (and of course if Jetspeed Profiler wants to follow
Turbine's Access Control), we need to extend the TURBINE_USER_GROUP_ROLE table
rather than the TURBINE_USER table. We would be adding profiling information to
the TURBINE_USER_GROUP_ROLE table along with other parameters like
media-type, language, country etc.

Also, the Profiler then has to be smart enough to decide the exact profiler to
pick, depending upon the role/permissions. So, if a user is in two different
roles, e.g. Architect and Programmer, then a particular role has to take
precedence over the other. Someone (Jetspeed Administrator/Security
Portlet) has to maintain this information for the Profiler.

Hope I am not complicating things even further...

-Atul

> > > To store profiles for groups.
> >
> > You do realize that a "group" is not a group of users, but is really a
> > Project. It is badly named in Turbine (we have a proposal to fix it),
> > but group == project.
> >
> 
> I do realize it, because I have followed this exact same conversation on
> the turbine user list a few times.
> As we know, it would help if the table wasn't called TURBINE_GROUP ;)
> This is obviously confusing. How many times have you had to explain it?
> 
> 
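
Added example (not part of the original thread, and not Jetspeed or Turbine code): a sketch of the lookup described in the reply above, where profiles hang off the group and role of a user-group-role grant and an administrator-maintained precedence list decides between a user's roles. The Grant and Profile records, the sample rows, the precedence list and the resolve_profile name are all assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Grant(NamedTuple):      # one row of a user-group-role table
    user: str
    group: str
    role: str

class Profile(NamedTuple):    # hypothetical profile row keyed by group and role
    group: str
    role: str
    media_type: str
    language: str
    psml: str

# Constructed sample data.
GRANTS = [
    Grant("alice", "portal", "Architect"),
    Grant("alice", "portal", "Programmer"),
    Grant("bob", "intranet", "Programmer"),
]
PROFILES = [
    Profile("portal", "Architect", "html", "en", "architect.psml"),
    Profile("portal", "Programmer", "html", "en", "programmer.psml"),
    Profile("portal", "Programmer", "wml", "en", "programmer-wml.psml"),
]
# Administrator-maintained precedence (assumed): the earlier role wins.
ROLE_PRECEDENCE = ["Architect", "Programmer"]

def resolve_profile(user, media_type, language, grants=GRANTS,
                    profiles=PROFILES, precedence=ROLE_PRECEDENCE) -> Optional[Profile]:
    """Return the profile for the user's highest-precedence (group, role) grant."""
    rank = {role: i for i, role in enumerate(precedence)}
    # Only this user's grants count; roles with no rank are ignored (fail closed).
    held = sorted((g for g in grants if g.user == user and g.role in rank),
                  key=lambda g: (rank[g.role], g.group))
    for g in held:
        for p in profiles:
            # Match on group AND role: the same role in another group grants nothing.
            if (p.group, p.role, p.media_type, p.language) == (
                    g.group, g.role, media_type, language):
                return p
    return None  # no matching profile: deny rather than guess

if __name__ == "__main__":
    for who, media in [("alice", "html"), ("alice", "wml"), ("bob", "html")]:
        print(who, media, resolve_profile(who, media, "en"))
```

Because the match is on the (group, role) pair, bob's Programmer role in a different group does not expose the portal group's Programmer profile.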
