Re: other authority groups?



[Andreas Schuldei]
> I am working on the access control handling for user passwords (and
> other attributes)
> 
> I am just now trying to come up with a generic algorithm to
> determine who is allowed to write to a user's LDAP entry, depending
> on which authority groups he is in.  Right now we have these
> authority groups by default: admins, jradmins, teachers and students
> 
> the basic rule is simple: 
> - if a person is in the admins group, no one can write to his
>   entry 

No-one else but the admin user and himself, I suspect you mean here.

> - if he is in jradmins, his entry is writeable by members of the
>   group admins and 

Which fields can the admin group members write to?

> - if he is in student or teacher he is writeable by both admins
>   and jradmins.

Same fields as above, I suspect?

The above rules look good to me.  We should make it simple for now,
and leave the more complex access control rules to the Cerebrum
implementation.


