Re: [Gforge-devel] Role-Based Access Control

[Justin Richer]

I'm greatly in favor of a role-based system, though I would strongly
suggest not hard-coding the roles. That is, allow someone to define a
new role and modify the read/write/admin permissions on each tool in
Gforge. I do think you have a good set of default roles in mind, though.
However, you'll probably want to have a 'guest' role that "other" people
would default to. That is, a non-member of the project, or even people
not logged into the site at all. Maybe we should even allow for project
admins to select which roles these two groups get assigned to. This
would allow for a finer-grained access control over who gets access to
what. All said though, I think roles are a great idea.


  -- Justin



On Mon, 2002-12-30 at 14:18, Tim Perdue wrote:
> Does anyone have an opinion, either for or against RBAC (Role-Based 
> Access Control).
> 
> I think it would be easier to set permissions if you just set a person 
> as a "Jr. Developer", "Sr. Developer", etc instead of going into 
> fine-tuning permissions for each tool.
> 
> If there isn't a lot of objections, I will switch to RBAC.
> 
> Roles:
> 
> Project Manager - Full admin access, cannot be assigned items
> Sr. Developer - Can modify items, File Release + Jr. Developer
> Jr. Developer - Can be assigned items, cvs commit + Analyst
> Analyst - Doc Mgr edit + observer
> Observer - Can view/post to private & public project sections
> 
> What other roles are needed? The limitation I see here is a Project Mgr 
> cannot be assigned items, which causes trouble for me, as I need to be 
> assigned items, plus the ability to edit all permissions. Should Project 
> Manager be a separate checkbox, not a role?
> 
> 
> 
> _______________________________________________
> Gforge-devel mailing list
> address@hidden
> http://mail.nongnu.org/mailman/listinfo/gforge-devel