Re: Debian Jr. -- How are we doing?
On Mon, 29 Jul 2002, Andrew Pimlott wrote:
> It might be (needed), but I doubt it. I bet that each program in
> Debian-Med will have its own ideas on access control, and they will
> be more fine-grained than Unix groups.
s/will have/should have/
I think you should not bet on this fact for all medical software - but
perhaps we should only include such software wich fits your opinion ...
> Imagine you had a med group.
> Do you want all members of that group--nurses, doctors,
> administrators, etc--to have access to all confidential databases?
> Of course not. You could try to define more groups, but I'm pretty
> sure that it will have to be application- or at least site-specific
> in the end.
On the other hand I had not only software but hardware in mind. There
is some software for hardware control and perhaps it might make sense
to let users of group med access those hardware. On the other hand this
might require a more fine grained approach as well ...
> So I would forget about trying to manage access via groups on a
> Debian-Med-wise bases, at least for now.
While I generally follow your reasoning and the real sense of a
{med/junior} group might be questionable I think I will stick to the
current groups approach in med-common for the moment (hey, it is beta ;-) )
and try to implement the user roles in parallel and try not to relay on
the groups which enables me to remove them later if they should be
really bad for some other reason.
Kind regards
Andreas.
--
To UNSUBSCRIBE, email to debian-med-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: