[TYPO3-english] Management of high number of groups with a few "roles"

[Christopher Torgalson]

Hi Xavier,

2009/3/17 Xavier Perseguers <typo3 at perseguers.ch>:
> Hi,
>
> Does someone already experienced having to manage high number of groups
> (let's say you have 50+ non-overlapping sections in your website) that
> should be assignable to 50+ groups and for each of these sections, you
> have let's say 3 "roles" (read-only, editor, publisher).
>
> The problem I see with security management is that it is not possible
> (AFAIU) to combine group A (db and file mount points) with "role" X (ACL
> on records and plugins) to create a special "bundle" that is assignable
> to a user. As it seems not to be possible to give user Y read-only
> access on T1, but editor access on subtree T2 without having to create
> additional "logical" groups that contain both a group and a role, which
> leads to 150+ logical groups in the backend.


I don't have a TYPO3 instance handy to test this, so I might be wrong, but…

Would something like this work?

50 groups, 1 per section with the appropriate db and file mounts, and
no edit access
1 group for editors with access to appropriate tables, fields, no db
or file mounts
1 group for publishers with (greater) access to (more) appropriate
tables, fields also with no db or file mounts

Selected users get access to the editor and/or publisher group in
addition to the appropriate section group. Since the editor and
publisher groups have no db mounts of their own, they should only have
access to db tables in their own sections (this is the part I'm not
sure of since I didn't test it…)


-- 
Christopher Torgalson
http://www.typo3apprentice.com/