[Zope-dev] Moving forward on Zope 2.6

Jim Penny jpenny@universal-fasteners.com
Wed, 20 Mar 2002 13:29:39 -0500 

On Wed, Mar 20, 2002 at 07:01:13PM +0100, Lennart Regebro wrote:
> From: "Jim Penny" <jpenny@universal-fasteners.com>
> 
> > I now have two kinds of administrators, and two kinds of users.
> 
> An interesting case. If I understand it correctly, with our workgroups
> scheme,the restricted administrators would have administration rights on a
> workgroup. They would then be able to create users and add them to the
> workgroup they manage, but they wouldn't be able to give the users any
> priviligies outside the workgroup, and hence the new users priviligies would
> be limited to whatever priviligies they can get through the workgroup.
> 
> 

Right, although they may have adminstration priveleges on a set of
workgroups.  To give a motivation, consider a large company that has
parallel design groups.  The groups are intentionally kept in the dark
about the other groups' work.  Some companies do this to get a variety
of choices to base the final decision on.  Just to label them, call them
Green, Blue, and Red teams.

In this case, I might delegate an administrator who has authority over
all of these teams, i.e, the administrator can (partially) control users 
or other administrators who have a subset of (Green, Red, and Blue) in 
their group list.

The administrator, being a busy fellow himself, might create a Red
administrator, who can (partially) control users or other adminstrators
that have Red in their group list.

Now, I am not really deep into modifying Zope core code at this point.
The list of acceptable groups is available for any given user.  The
application programmer handles authorization and presentation.

We have to have this for both reasons of scale and delegation of
authority.  Some, even many, of the design teams themselves use
sub-contractors.  We have no way of knowing the contractor's day-to-day
relationships with the groups, and prefer not to know.  Also, we are in
a somewhat incestuous industry, and people move from company to company.
While they obviously have what is in their head at the time of the move,
we do not wish to give them knowledge of future plans.

There are interesting policy decisions to make.  Should an administrator
be allowed to grant workgroup access to a pre-existing user?  Can an
administrator change a pre-existing user into an administrator?  What
does delete mean if the use has workgroups that the administrator does
not control?  Can the administrator see what workgroups the user has?

Jim