[TYPO3-50-general] permission system plans

Robert Lemke robert at typo3.org
Thu Mar 29 17:40:37 CEST 2007

Hi Werner,

Am 29.03.2007 um 17:22 schrieb werner mueller:

> impressive to see you plans for typo3 5. - in fact, almost scary ;)

yes, that's what think all the time ourselves ...

> on the roadmap page i found a line for milestone 2 which mentions a
> users package. i wonder whet plans exist for that part?

Although the are no detailed plans yet, we have a rough idea.
Users will be separated from persons or organisations. That means we  
have persons and organisations (= parties) which can have any type of
"accounts" - all this will be handled by the Party Information  
Framework [1].

The users are managed separately, that means we will have user accounts
with a username and password, but that record doesn't contain the email-
address, postal addresss etc.. Instead a party may be related to that
user account.

> e.g. will the two scopes (frontend/backend) be merged into one?

while the frontend and backend won't be separated technically, you will
still have the logical separation of course. But in that regard,  
and backend are only two of various scopes you can imagine.

> will the
>   permissions stay that much user/group centric? are there plans to
> introduce roles?

Yes, very likely. Currently the RBAC[2] seems to be the most attractive

> will it be possible to extend permissions to files (or
> any asset if DAM stays)? when i look forward to the webdav  
> interface - i
> take milestone 2 as a promise ;) - this may become essential.

Currently it is not planned to have a special role for files anyway -  
are just "resources" which will be managed by a resource manager. And  
you can configure permissions for resources!

> in typo3 4.x i constantly stumble over users having an account in the
> wrong scope, or on uploaded files being accessible to anyone or
> extensions that reach to export data not meant to be exported at all.
> currently i see simply too many options doing things wrong.
> well. i am curious about your thoughts :-)

Well, and we're curious about your thoughts! However, it probably makes
most sense to discuss this after M1 is released ...


[1] http://wiki.typo3.org/index.php/Party_Information_Framework
[2] http://en.wikipedia.org/wiki/Role-Based_Access_Control


More information about the TYPO3-project-5_0-general mailing list