A2: ["For a given user if the user does not have a PSML then the role's PSML can be taken in and if that is not present then the Group PSML is taken in"],: This just how the behavior is...it was just general knowledge for you...:-). You are right about atleast one role being assigned to the user ...the group thingy is just something I found when I was playing around with it...that when I delete the role PSML the group PSML is considered. In your problem definition I do not think you need to be concerned with this.
["You can use Groups as logical dividers...as in have "Dallas" group and 'Orlando' group and make all the roles and users belong to the relevant groups."]- In 1.5 you can assign groups to role...login in admin/Jetspeed and look at the User browser (Group-Roles link). And users can also belong to groups...that is how we are using groups. We are using groups as it makes sense to us...:-) We do not associate group-to-role level (but it can be used like that). Also look at the database table Turbine-User-Group-Role. Initially why we could arbitrarily assign groups to roles or users did not really make sense...but then we found a way to use it to our advantage. And yes I'm saying to set the config to use role-based PSML and then assign users or roles to groups. The groups assignment is really independent of the fact it is role-based. And yes you are right about the merge (that it does not involve code change...a property setting should help). But even when the user is assigned to multiple roles only one PSML is picked up for display (so there is definitely more work when the merge needs to be performed). When user is assigned to multiple roles the role-merge really makes sense because the issue with multiple roles is which PSML will the user get to see (that is never dictated by any configuration...it seems random...maybe the PSML of the first role in the list of roles for that user)...I currently have the same issue...As a first cut we do not support users having multiple roles. I hope I sort of cleared your doubts...let me know....also look at the mailing list for similar discussions...there was one thread that explained this theory real well...I never bookmarked it...:-( Regards, Archana ________________________________ From: Mehdi Bennani [mailto:[EMAIL PROTECTED] Sent: Sunday, January 30, 2005 6:49 PM To: Jetspeed Users List; Archana Turaga Subject: RE: Profiles and PSML issues, jetspeed 1.5 Thanks Archana for your answers, very helpful. I'll start with number 2 as this is the only one still unclear. 2. I think I understand what you are saying and it is actually very close from what we are trying to achieve. Your 'Orlando' and 'Dallas' groups are our 'California' and 'Nevada' institutions...and grouping them this way would make lots of sense to us. But I am not sure to understand how jetspeed supports that. When you say: ["For a given user if the user does not have a PSML then the role's PSML can be taken in and if that is not present then the Group PSML is taken in"], how would Group PSML be taken in, as users of the system have always at least one role, the default 'user' role. If I make my user part of the "California" institution group, by default it gets added to the CaliforniaUser grouprole. And in that case he/she gets the "user" role PSML profile. So, how can the group PSML be taken in? Is there anything in the config files? Then, when you say: ["You can use Groups as logical dividers...as in have "Dallas" group and 'Orlando' group and make all the roles and users belong to the relevant groups."] Are you saying we can set our config files to use role-based PSML fallback and at the same time make users and roles belong to groups? and how can roles belong to groups? 3. I understand your solution and it actually may cut it for us too. Thank you for the tip! 1. Yeah I understand that with this current behavior, user can inherit a profile made of their multiple roles, and then they can change it on their own and customize it. That's one approach. However, there are cases where you do not want the user to customize their look and feel and let the admin takes care of that. And in that case, you want all the users to inherit that. Yes, it would be expensive, but isn't exactly what it's being done right now with one role only, when role PSML is true and merge=false. The only difference is the number of roles you are using to create the profile. Instead of taking one, we can take many. I think it's a feature that would certainly be useful, and that comes almost for free in terms of the code needed. It could be a configuration parameter to set the behavior (dynamic vs. static role merge). Mehdi-- -----Original Message----- From: Archana Turaga [mailto:[EMAIL PROTECTED] Sent: Friday, January 28, 2005 11:31 AM To: Jetspeed Users List Subject: RE: Profiles and PSML issues, jetspeed 1.5 I hope the answers help. A1: I also had the same query for this particular property. But since we do not need role-merge we are happily using role-based only without role-merge. But my point of view...The PSML file after the merge is done, is completely different from any of the roles (sort of not role-based anymore) ...therefore the user will have a separate PSML file because if the user chooses to customize then the customization happens only for the user's view. Since PSML is a static entity and needs to be present in the file system what you suggested may not work...although to make it work it may mean you want to always build a PSML on the fly for a given user whenever the user logs in based on the roles the user belongs to...maybe expensive too. A2: In Jetspeed 1.5 group and role can be used interchangeably. But the algorithm for the PSML goes like this. For a given user if the user does not have a PSML then the role's PSML can be taken in and if that is not present then the Group PSML is taken in. You can use Groups as logical dividers...as in have "Dallas" group and "Orlando" group and make all the roles and users belong to the relevant groups. That is how we are using it in our environment. A3: There is a property setting "services.JetspeedSecurity.role.default" in JetspeedSecurity.properties which drives what role that user should get assigned to if the user is new. You can change this to your "External users" role. For internal users The Admin guy can always change the default "External users" to a role "Internal users" for new users. Since Admin is adding the internal users I think what you brought up may not be a issue if what I just suggested is not a problem with you. Yes you are right...that the setting cannot be dynamically changed at runtime. Archana -----Original Message----- From: Mehdi Bennani [mailto:[EMAIL PROTECTED] Sent: Friday, January 28, 2005 8:23 AM To: jetspeed-user@jakarta.apache.org Subject: Profiles and PSML issues, jetspeed 1.5 I am running jetspeed 1.5 and I have the following 3 questions regarding Profiles and PSMLs. Question # 1: ========== When the properties(in jetspeedResources.properties): - newuser.template is set to nothing - rolefallback is set to true and - rolemerge = false, all newly created users get the profile of the default role any newly created user is in. (i.e: value of services.JetspeedSecurity.newuser.roles or first element of that if comma delimited value is entered). Also, no actual PSML file gets created for those users ( I mean in the file system ) and they will share that role profile.... Now, if you add rolemerge=true, all newly created users will get an aggregate of the roles they are part of...so far so good...but an actual PSML profile will get created for them in the file system as soon as they login! >From there on, they have their own view of the things! My question is why is that? Why not having the same behavior as when rolemerge = false (i.e: sharing the same PSML..). That way as soon as the admin changes the portlets and panes for any of those default user roles, it will automatically apply to them, which is not the case right now. So my question is, is there a specific reason for that behavior or for not having that behavior? Question # 2: ========== I see the reason behind user PSML, role PSML, but why is group PSML relevant? I mean why would I create a group PSML (through the PSML browser) AND how would I even use it?? Question # 3: ========= In our application we have two types of users that will be created: users who belong to an institution and users who do not belong to any institution (internal vs. external users) External users create 'themselves' by registering to the application through the 'create new account' link in the anonymous view of the jetspeed portal. For that, we are thinking to use role based PSML and as default role an "externalUsers" role, so that external users have all the same view of the application. Internal users on the other hand get created by the admin of the institution and we would like to have their profile based on a different role PSML, say an "internalUsers" role, a role with different features/panels and so on. So here, we would have liked to say if user is being created by the admin of the institution, create a profile based on the 'internalUsers' roles, but if it is an external user (ie. Anonymous) create a role PSML based profile based on the 'externalUsers' role. But, if I am right we cannot set that programmatically? I.e: you can not decide which default role PSML to point to for newly added users, at run time! Thank you. Mehdi-- -----Original Message----- From: Archana Turaga [mailto:[EMAIL PROTECTED] Sent: Fri 1/28/2005 11:30 AM To: Jetspeed Users List Cc: Subject: RE: Profiles and PSML issues, jetspeed 1.5 I hope the answers help. A1: I also had the same query for this particular property. But since we do not need role-merge we are happily using role-based only without role-merge. But my point of view...The PSML file after the merge is done, is completely different from any of the roles (sort of not role-based anymore) ...therefore the user will have a separate PSML file because if the user chooses to customize then the customization happens only for the user's view. Since PSML is a static entity and needs to be present in the file system what you suggested may not work...although to make it work it may mean you want to always build a PSML on the fly for a given user whenever the user logs in based on the roles the user belongs to...maybe expensive too. A2: In Jetspeed 1.5 group and role can be used interchangeably. But the algorithm for the PSML goes like this. For a given user if the user does not have a PSML then the role's PSML can be taken in and if that is not present then the Group PSML is taken in. You can use Groups as logical dividers...as in have "Dallas" group and "Orlando" group and make all the roles and users belong to the relevant groups. That is how we are using it in our environment. A3: There is a property setting "services.JetspeedSecurity.role.default" in JetspeedSecurity.properties which drives what role that user should get assigned to if the user is new. You can change this to your "External users" role. For internal users The Admin guy can always change the default "External users" to a role "Internal users" for new users. Since Admin is adding the internal users I think what you brought up may not be a issue if what I just suggested is not a problem with you. Yes you are right...that the setting cannot be dynamically changed at runtime. Archana
