Forums / General / user administrator and roles: how to do with several restricted sections?

"Please Note:

At the specific request of Ibexa we are changing this projects name to "Exponential" or "Exponential (CMS)" effective as of August, 11th 2025.
This project is not associated with the original eZ Publish software or its original developer, eZ Systems or Ibexa".

user administrator and roles: how to do with several restricted sections?

Previous topic

General

Next topic

Author	Message
Daniele P.	Monday 19 January 2004 4:14:00 am Exponential is role-centric because role are assigned to users and not viceversa. In this way you have to view all roles (one by one) to know which role is assigned to one user. This is bad design. I have the following situation and due to the incomplete role assignment and managment I can't use Exponential for my porpouse. I have 5 restricted areas on my Exponential site. Some users should have the rights to read form area 1 only, some only from area 2 only, some for all the restricted areas. So i create 5 roles "view area": view area 1, view area 2... because is impossible to manage all groups for these combination. I want to set a simple role for the "user administrator": - Create new users in "customer group" (and this is simple). - Assign to the users of "customer group" the right role: one or more of the "view area" roles. Is possible? I can only assign to the "user administrator" the role policy: role * * that is too large. If I can't manage such type of accounting I accept suggestion for workarounds. Thanks in Advance. Daniele
Marco Zinn	Monday 19 January 2004 10:10:41 am I don't know, how diverse the permission system for the role module is, but i guess, you tried this out. One workaround would be: Create 5 User groups ("Readers of Forum 1", "Readers of Forum 2") under the "Customer group". Assign one of your 5 roles to each group. Now, by storing users in one or more groups (this is possible), your user admins have control over the read rights. You must test, if this really works. There WAS a bug with policy inheriting through user groups, but i guess, it's solved now. Marco http://www.hyperroad-design.com
Daniele P.	Monday 19 January 2004 12:24:36 pm It works out of the box for eZ 3.3-1 (3.3). It's a lot of repetitive work to set ut 5 sections, 5 user gruops and 5 role policies. I tested the simplest conf: USERS ROOT \|-- SEC1 \| \|-- USER1 \| '-- USER12 `-- SEC2 \|-- USER2 `-- USER12 USER12 can read from SEC1 and SEC2 Now I'm going to test the followings (whic are more useful): USERS ROOT `-- COMMONSEC \|-- SEC1 \| \|-- USER1 \| '-- USER12 `-- SEC2 \|-- USER2 `-- USER12 USERS ROOT \|-- COMMONSEC1 \| \|-- SEC1 \| \| \|-- USER11 \| \| \|-- USER12 \| \| '-- USER1212 \| `-- SEC2 \| \|-- USER12 \| \|-- USER22 \| '-- USER1212 `-- COMMONSEC2 \|-- SEC1 \| \|-- USER1 \| \|-- USER12 \| `-- USER1212 `-- SEC2 \|-- USER2 \|-- USER12 `-- USER1212 This is not the best solution (I really need a limited role editor, and a speedy setup for policies) but it seems to work. What about if two user grop have opposite role? In my test I only add read permission to a section. Thanks, Daniele

Author

Message

Daniele P.

Monday 19 January 2004 4:14:00 am

Exponential is role-centric because role are assigned to users and
not viceversa.
In this way you have to view all roles (one by one) to know which role is
assigned to one user. This is bad design.
I have the following situation and due to the incomplete role assignment
and managment I can't use Exponential for my porpouse.

I have 5 restricted areas on my Exponential site.
Some users should have the rights to read form area
1 only, some only from area 2 only, some for all the restricted areas.
So i create 5 roles "view area": view area 1, view area 2... because
is impossible to manage all groups for these combination.

I want to set a simple role for the "user administrator":
- Create new users in "customer group" (and this is simple).
- Assign to the users of "customer group" the right role: one or more
of the "view area" roles.

Is possible?
I can only assign to the "user administrator" the role policy:
role * *
that is too large.

If I can't manage such type of accounting I accept suggestion for
workarounds.

Thanks in Advance.
Daniele

Marco Zinn

Monday 19 January 2004 10:10:41 am

I don't know, how diverse the permission system for the role module is, but i guess, you tried this out.

One workaround would be:
Create 5 User groups ("Readers of Forum 1", "Readers of Forum 2") under the "Customer group".
Assign one of your 5 roles to each group.
Now, by storing users in one or more groups (this is possible), your user admins have control over the read rights.

You must test, if this really works. There WAS a bug with policy inheriting through user groups, but i guess, it's solved now.

Marco
http://www.hyperroad-design.com

Daniele P.

Monday 19 January 2004 12:24:36 pm

It works out of the box for eZ 3.3-1 (3.3).
It's a lot of repetitive work to set ut 5 sections, 5 user gruops and 5 role policies.
I tested the simplest conf:

USER12 can read from SEC1 and SEC2
Now I'm going to test the followings (whic are more useful):

This is not the best solution (I really need a limited role editor, and a speedy setup for policies) but it seems to work.

What about if two user grop have opposite role?
In my test I only add read permission to a section.

Thanks,
Daniele