josef reidinger schrieb:
I think that it is a futile attempt to overcome the initial problem
of having too many permissions to deal with.
How about removing them instead? That means not having the complete
"API" of YaST accessible via DBus, but it is not a real API anyway.
Instead, we should build the API to fit the permissions.
What about use two tool over permissions? So we provide via dbus atomic
permission to change one enclosed atribute and then have in webyast
client for changing permission which provide agregate permissions and
can change set of atomic permissions like Change http server which
ensure that all atomic permission needed for http server is provided (of
course provide info what atomic permission it is). I think that for
admins is more important what exactly can user change (single values)
then high level abstraction permission which can change more then admin
want.
Josef
I think we can solve this completely by:
- Use granulated permissions if it really needed only.
- Using tree structure if a granulation is needed. It is the taks of
WebYaST to
make this structure useful for the admin.
By the way please regard that the REST-webservice acces YaST via the
YaST-DBUS interface. This REST-service is running under the user yastws.
So permissions has also to be set for this user too. This will be managed in
the SPEC file while installing the package.
Greetings
Stefan
--
*******************************************************************************
Stefan Schubert
SUSE LINUX GmbH - Maxfeldstrasse 5 - D-90409 Nuernberg, Germany
e-mail: [email protected]
-------------------------------------------------------------------------------
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
