[TYPO3-ect] Solutions for rights management

Seibert, Norman seibert at entios.de
Tue Jan 10 09:53:34 CET 2006


Hi,

please let me correct an issue in your mail. An LDAP Connection can only
authenticate a user and transfer his groups stored in the directory.
Therefore it is not a solution for rights management.

Personally I would prefer a combination of ACL and group-based roles:

- Fundamental rights management is done by ACLs using a standard
implementation like bitmasks.
- Access is based on group membership, not individual accounts, for better
management. We lose flexibility, but in my opinion most people who need
ACLs will vote for groups only (already implemented).
- Groups can be nested (extensions exist).
- Access can be given to multiple groups (extensions for the FE exist).
- For the FE pseudo groups like "logged in" and "not logged in" are a
good idea (already implemented).
- To simplify management predefined groups are created on installation
which reflect typical roles like author, editor, supervisor, admin.

Best wishes
	Norman
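
The scheme proposed in the message above, as an added sketch that is not part of the original post and is not TYPO3 code: bitmask ACL entries keyed by group only, nested groups expanded transitively, and the two pseudo groups derived from session state. The permission bit values, the nesting order of the role groups and the sample page ACL are assumptions made for illustration.

```python
from enum import IntFlag

class Perm(IntFlag):  # constructed bit values, not TYPO3's
    SHOW = 1
    EDIT = 2
    DELETE = 4
    NEW = 8

# Pseudo groups are derived from session state, never stored on an account.
LOGGED_IN, NOT_LOGGED_IN = "logged in", "not logged in"

# Assumed nesting of the predefined role groups: a member of the key group
# also holds the rights of its subgroups.
SUBGROUPS = {"admin": {"supervisor"}, "supervisor": {"editor"},
             "editor": {"author"}, "author": set()}

# Constructed ACL for one page: group -> bitmask. No per-user entries.
PAGE_ACL = {NOT_LOGGED_IN: Perm.SHOW, LOGGED_IN: Perm.SHOW,
            "author": Perm.NEW, "editor": Perm.EDIT,
            "supervisor": Perm.DELETE}

def effective_groups(direct, logged_in, subgroups=SUBGROUPS):
    """Expand nested groups transitively and add the session pseudo group."""
    if not logged_in:
        return {NOT_LOGGED_IN}  # stored groups never apply to anonymous visitors
    seen, stack = {LOGGED_IN}, list(direct)
    while stack:
        group = stack.pop()
        if group not in seen:  # also stops on cyclic nesting
            seen.add(group)
            stack.extend(subgroups.get(group, ()))
    return seen

def granted(acl, groups):
    """OR together the masks of every ACL entry whose group the user holds."""
    mask = Perm(0)
    for group, bits in acl.items():
        if group in groups:
            mask |= bits
    return mask

def allowed(acl, direct, logged_in, needed):
    """Default deny: every requested bit must be granted."""
    mask = granted(acl, effective_groups(direct, logged_in))
    return (mask & needed) == needed

if __name__ == "__main__":
    print(allowed(PAGE_ACL, ["supervisor"], True, Perm.EDIT | Perm.DELETE))
```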


