Purpose of creating group for each user?

[Yarin]

The documentation states:

"The creation of the group can be disabled with

auth.settings.create_user_groups = None

although we do not suggest doing so."

Massimo also says here that "If you do not have those groups membership causes a nightmare."

Yet I've never found any use for the individual user groups. Can someone explain their utility, and why the warnings against dropping them?

[Massimo Di Pierro]

Disabling user groups is only a problem if you use crud which checks for auth.accessible() records based on permissions. If There are no user groups you do not know how to make an object accessible to the user who created. Honestly I envisioned a bigger role in web2py for auth permissions. Turns out most users (including me) do not use them and prefer to set simpler ad hoc permission rules. In case there is no problem in disabling user groups.

[Yarin]

Got it- thanks for the explanation

[VP]

I think the current web2py access control mechanism is unnecessarily complicated.  It is both role based and task based.  But this difference here is just semantics (i.e. you can define a group that can do a certain task).

The only actually difference is in terms of implementation, not conceptual.  Task based access can be defined on "objects" (tables).  But then again, this is just unnecessary, because role based access can also be made to operate on objects/tables.

[Yarin]

@Massimo - Perhaps consider including: 

auth.settings.create_user_groups = True

in the default db.py, along with a comment explaining that it's mostly useful for crud. I think this would clarify auth config for many users.

On Friday, February 1, 2013 5:21:05 PM UTC-5, Massimo Di Pierro wrote: