Permissions on PolicyGroups
portado (sent by Nabble.com)
I have 60 Groups, 60 Users and 60 Policy Groups.
When I select Policy group permissions the browser halts for 15 minutes
displaying on the status bar: "Initializing the validateLengthLT() and
isLenghtLT() validation scripts"
How can I fix this, I takes a lot of time to set up permissions this way.
--
View this message in context: http://www.nabble.com/Permissions-on-PolicyGroups-t1592426s621.html#a4321245
Sent from the FarCry - Dev forum at Nabble.com.
Geoff Bowers
> I have 60 Groups, 60 Users and 60 Policy Groups.
>
> When I select Policy group permissions the browser halts for 15 minutes
> displaying on the status bar: "Initializing the validateLengthLT() and
> isLenghtLT() validation scripts"
>
> How can I fix this, I takes a lot of time to set up permissions this way.
I think you can't realy escape this the way the UI is currently
rendered. It effectively attempts to display all permission options in
one fell swoop with a JS interface that allows you to flick between
them. I'd say you'd need to rewrite the UI entirely.
Its worth noting that FarCry security model was never designed to allow
for user level security which is what you are attempting -- its really
focused at role level security. Do you have time to outline why you are
using 60 roles (1 per user)?
-- geoff
http://www.daemon.com.au/
--
Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.
http://www.mailguard.com.au/mg
portado (sent by Nabble.com)
Sure.
The company has 20 Departments. In each department I have 3 roles: edit,
review and approve.
So, for example for the human resources department I have:
- HREdit: the user that can post information and maintains the intranet
- HRReview: users of the HR department that can access private HR
information (in each department I have a private, shared and public folders)
- HRApprove: For the HR manager, this one can edit and approve information
I have the same setup for 19 additional departments.
--
View this message in context: http://www.nabble.com/Permissions-on-PolicyGroups-t1592426s621.html#a4328955
portado (sent by Nabble.com)
This is really a good one. So I needed to integrate Farcry with Active
Directory. Turns out ntauth could keep up with the size of this directory so
here's what I did:
1. Validate the user against Active Directory
2. Get this user's group
3. Go to a table where I map the user's group to an equivalent farcry user
which has the level of access of this user (eg: HREdit, HRApprove, etc)
4. Get the username and password, put that into the same farcry form and
make farcry do the login thinking this is an ordinary user.
5. This user belong to the group HREdit, which is map to the Policy HREdit.
On the policy I just grant the user acces to approve, edit, etc, and on the
external group I give him access to the folders he can review.
So actually the users in farcry are being used as roles to integrate all
this with active directory. Otherwise I would have need to create 200 users,
instead of those 20.
Hope this is understandable :-)
--
View this message in context: http://www.nabble.com/Permissions-on-PolicyGroups-t1592426s621.html#a4329152
Blair McKenzie
portado (sent by Nabble.com)
Well users only need to edit their folder, but browse other folders on the
site.
How is that possible using navigation access?
--
View this message in context: http://www.nabble.com/Permissions-on-PolicyGroups-t1592426s621.html#a4329347
Blair McKenzie
If the groups are simply added together you may right about having to have 60 roles portado.
Blair