[TYPO3-ect] Solutions for rights management

Elmar Hinz elmar.DOT.hinz at team.MINUS.red.DOT.net
Tue Jan 10 20:41:03 CET 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>Roles differ from groups. Someone could get the role of an editor assigned to
>>his team only.
> 
> umm, I am not sure how you meant this.
> 

With "his team" I mean the team that he is organizing. If he is member of two
workgroups, only in teamA ("his team") he may be an editor and allowed to create
pages, while he isn't allowed to do it in teamB where he is a simple member.

(I know that the terms workgroup and roles are also used on MS systems. I don't
know how they work there, but it could be that they are used in another way than
I do it here. I use them in the way of my natural feelings about this terms.
Users of MS systems may be confused by my terminology. In this case please
excuse me to confuse you.)

> 
>>With roles only need to configure one ModeratorRole and one EditorRole. They are
>>repeatedly "assgingned" to the 10 teams. The rights of the moderator would
>>result of this "assignment".  Hi has the EditorRole of TeamA.
> 
> that's interesting, but I don't yet see how it could work. If anybody
> has ideas, that would be great. I'll think about it as well.
> 

I have found a usefull term for this assignment, the "membership".
And I wasn't precise enough. Roles aren't assigned to groups but to
"memberships" of people in groups. This way a group can have more than one
responsible editor.

I paint the database model:

                          roles
                            ^
                            |
                         [UG-id]
                    roles assignments
                         [UG-id]
                            |
                            v
users  <----[user id] memberships [group id]-----> groups


As you see we all have mm-relations here:

memberships:
A user can be a member of different groups.
A group can have different members.


A role can be assigned to diffent memberships.
A membership can be connected with different roles.


Norman has proposed group based roles. I think the model would look like this:

                    roles assignments [UG-id] -------+
                         [UG-id]                     |
                            |                        |
                            V                        V
users  <----[user id] memberships [group id]-----> groups

Here some groups would be "abused" to function as role.


- --
Climate change 2006 is killing people: floods in California, drought and fires
in Australia, Texas, Sahel, Oklahoma, South Africa. The Bush administration is
responsible for corruption of the Kyoto Protocol. The US majority is responsible
to the world for reelection of a convictable [...censored by Echelon...].
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDxA3PO976RNoy/18RAkJYAJ4qR2RHGZce+VXV0RpC2FFUGl9pbgCfaHdO
6qHOpd0HYMmX+cQC/p/W1Fc=
=A5rN
-----END PGP SIGNATURE-----

More information about the TYPO3-team-extension-coordination mailing list