Authorization with user levels, roles etc

[GoogleCodeExporter]

Authorization with user levels, roles etc...

Any comments, suggestions how this should be implemented much appreciated.

Original issue reported on code.google.com by level7systems@googlemail.com on 4 Feb 2010 at 4:15

[GoogleCodeExporter]

users should be able to make edits to a domain once created by an administrator.
administrators should be able to create users and be able create other 
administrators.
There should be a super user.
authentication should be handled by symfony not apache.

Original comment by cmaur...@gmail.com on 4 Feb 2010 at 6:47

[GoogleCodeExporter]

Should all users be able to make edits to all domains?

Or do we want to be able to assign users to domains?

So for example user1 can:

domain1.com view/edit
domain2.com view only

Original comment by level7systems@googlemail.com on 4 Feb 2010 at 6:51

[GoogleCodeExporter]

my 2 cents...

Super Users
 * Should be able to create domains, domain users, other administrators, view logs,
change settings etc.
 * Should be able to remove any domain users domain etc.
 * Should be able to assign a domain count to domain users and ability for domain
user to create domains himself

Domain Administrators
 * Should be able to create domains up to x (where x is amount defined by super user
on domain users profile)
 * Should be able to edit own domains
 * Should be able to view own domains
 * Should be able to delete own domains
 * Should NOT be able to see any other domains.

Domain Users
 * Should be able to view domain
 * Should be able to edit domain
 * Should be able to delete domain
 * Shoudl NOT be able to see other domains in the account

OR

Super Users
 * Should be able to create domains, domain users, other administrators, view logs,
change settings etc.
 * Should be able to remove any domain users domain etc.
 * Should be able to assign a domain count to domain users and ability for domain
user to create domains himself

Domain Users
 * Should be able to create domains up to x (where x is amount defined by super user
on domain users profile)
 * Should be able to edit own domains
 * Should be able to view own domains
 * Should be able to delete own domains
 * Should NOT be able to see any other domains.

Authentication should be handled by the application as previosly suggested

Original comment by leondeja...@gmail.com on 4 Feb 2010 at 7:09

[GoogleCodeExporter]

I don't think any one person is going to have the right idea for all possible 
use
cases.  IMHO you'd be better off baking these into the GUI:

* actions at the most granular level possible
* the ability to aggregate groupings of actions into (perhaps) roles
* the concept of uniquely identified users
* the ability to group users and (maybe) groups into groups

.. and then allowing root to make the decisions about how the ACLs are mapped 
from
action to role to group to user.

If you want to make it nice to use you could, by default, ship with some of the 
above
groupings/etc already filled in, but still customisable by the root user.  Some 
of
the previous comments on this ticket would be a good starting point for /that/ 
work,
but don't bake any organisational logic into the code, please!

Original comment by jpluscpl...@googlemail.com on 8 Mar 2010 at 11:52

[GoogleCodeExporter]

This would be great:

Super Users
 * Should be able to create domains, domain users, other administrators, view logs,
change settings etc.
 * Should be able to remove any domain users domain etc.
 * Should be able to assign a domain count to domain users and ability for domain
user to create domains himself

Domain Administrators (Resellers)
 * Should be able to create domains up to x (where x is amount defined by super user
on domain users profile)
 * Should be able to edit own domains
 * Should be able to view own domains
 * Should be able to delete own domains
 * Should NOT be able to see any other domains.

Domain Users
 * Should be able to view domain
 * Should be able to edit domain
 * Should be able to delete domain
 * Shoudl NOT be able to see other domains in the account

Some input -> https://dns-test.alfahosting.de/site/advertise

Original comment by markusb...@gmail.com on 29 Jul 2011 at 8:56