[TYPO3-ect] Solutions for rights management

[Sebastian Kurfuerst]

Hi,
as some of you might know, I have developed be_acl and am interested in
future developments in this field as well.
> - Fundamental rights management is done by ACLs using a standard
> implementation like bitmasks.
Yes, that is how it currently works (in be_acl).
However, what would be really cool to define custom fields as well - so
extend the bitmasks for various reasons... Sometimes, access to
individual records is needed as well, do we need this in general?

> - Access is based on group membership not individual accounts for better
> management. We loose flexibility but in my opinion most people who need
> ACLs will vote for groups only (already implemented).
OK we can easily disable the "ACL for users" feature if needed.

> - Groups can be nested (extensions exist).
works in BE, not sure about the FE.

> - Access can be given to multiple groups (extensions for the FE exist).
works in BE; by ACLs, mountpoints.

> - For the FE pseudo groups like "logged in" and "not logged in" are a
> good idea (already implemented).
> - To simplify management predefined groups are created on installation
> which reflect typical roles like author, editor, supervisor, admin.
I think this could be done as a "Package" to load extra. With the new
import/export this should be easily possible. TYPO3 core shoudln't have
this by default, but it should be easily addable.

Most of my ideas relate to the BE right now - I am not sure if such
complex schemes are needed for the FE as well - I don't have a use case
for it.

Any comments?

Greets, Sebastian