RE: Per-modules readers/writers ?

[Shankar Unni]

The other (counter-) factor is that in large environments, users are
often managed through YP or LDAP (and generally from the IT point of
view lumped into a few giant groups like "engr" and "users").

These environments are not necessarily paranoid enough to need C2-level
security (which is another nightmare to administer), but often do need
to implement a coarse level of read/write control over modules for
users.

Also, even if a finer level of groups were implemented at the YP level,
it's then hard to give access to a module to *one* user from an outside
group without sticking them into that group at the YP level (and thus
opening up that entire group's resources to them, instead of just the
one module in the one repository).

Independent CVS-maintained repository-level group management and access
control is very useful in such environments.

David R. Chase wrote:

> I suppose it comes down to how you identify actual users, 
> since the system has to know somehow about who is trying 
> to access a module in order to allow or deny that access.