KARL3

Bug #377779
Comment #14

Comment 14 for bug 377779

Revision history for this message

Paul Everitt (paul-agendaless) wrote on 2009-05-19: Re: [Bug 377779] Re: Migrate the security settings on office content

#14

Shane, I got some answers back based on a call with OSI just now.

1) We can get rid of Administrator/Manager as a distinction. The
*only* goal they had was to allow add/edit/delete of content in those
folders. I suspect that means "Moderator" in KARL3.

Of course, the KarlAdmin group should get the "let them do anything
anywhere."

2) Remove/ignore any entries for bschreiber.

3) We can skip the entries for jhooper/jlantz/agalietti as they will
be in KarlAdmin.

4) There are 7 Viewer restrictions at the bottom. These are the
exceptions to the rule of "If you're staff, you can see anything in
any office."

5) Anthony (now subscribed to the ticket) will provide us with any
additional Viewer restrictions by commenting on this issue.

--Paul

On May 19, 2009, at 9:30 AM, Paul Everitt wrote:

>
> cc'ing some others not subscribed to this bug. I think we should
> plan a call this morning about it, perhaps with Anthony and Ajo (as
> Jason is booked.)
>
> Some notes I found in looking at it this morning:
>
> 1) 49 out of the 87 ACL entries were for office reference folders.
> This is clearly a trend. [wink]
>
> 2) 43 of the 87 entries are for individual people, rather than
> groups. Can't we simplify things by putting some of these people
> into some groups?
>
> 3) I see at least one fossil: bschreiber is an Enfold developer.
>
> 4) Shane is right, we have duplication of "Administrator" and
> "Manager", for example on forums and offices/budapest (where
> group.budapestadmins is both Admin and Manager.)
>
> 5) I think all entries that have "jhooper", "jlantz", and
> "agalietti" could go away. They are likely to be KarlAdmin anyway.
> (Though I suspect jhooper might revert back.)
>
> 6) This list doesn't help us on what ACLs to remove. For example,
> the default rule is that staff gets to see anything in any office.
> But what places is that not true?
>
>
> On May 18, 2009, at 9:34 PM, Shane Hathaway wrote:
>
>> Questions:
>>
>> - Karl 3 does not have a concept of "Manager". What do those
>> permissions map to? Moderator or administrator?
>>
>> - Most of the paths in the export file do not exist in Karl 3. It
>> appears that the office files for all cities have been merged into a
>> single office space. Is that right? If so, should people who had
>> manager or administrator rights for just one city now have rights for
>> all cities?
>>
>> - I have tried to guess the mapping of Karl 2 paths to Karl 3
>> paths, but
>> is there some document that specifies the path mapping? Users who
>> have
>> made bookmarks will need to know where things have moved.
>>
>> --
>> Migrate the security settings on office content
>> https://bugs.launchpad.net/bugs/377779
>> You received this bug notification because you are a direct
>> subscriber
>> of the bug.
>>
>> Status in Porting KARL to a new architecture: In Progress
>>
>> Bug description:
>> For Wednesday's eval, we'll need the listing of ACL settings based
>> on the report ChrisR sent. We'll do it as a separate console
>> script that can run independently of migration, thus we don't need
>> it (many) hours in advance.
>>
>> Jason has provided an attachment with the info.
>

Shane, I got some answers back based on a call with OSI just now.

1) We can get rid of Administrator/Manager as a distinction.  The  
*only* goal they had was to allow add/edit/delete of content in those  
folders.  I suspect that means "Moderator" in KARL3.

Of course, the KarlAdmin group should get the "let them do anything  
anywhere."

2) Remove/ignore any entries for bschreiber.

3) We can skip the entries for jhooper/jlantz/agalietti as they will  
be in KarlAdmin.

4) There are 7 Viewer restrictions at the bottom.  These are the  
exceptions to the rule of "If you're staff, you can see anything in  
any office."

5) Anthony (now subscribed to the ticket) will provide us with any  
additional Viewer restrictions by commenting on this issue.

--Paul

On May 19, 2009, at 9:30 AM, Paul Everitt wrote:

>
> cc'ing some others not subscribed to this bug.  I think we should  
> plan a call this morning about it, perhaps with Anthony and Ajo (as  
> Jason is booked.)
>
> Some notes I found in looking at it this morning:
>
> 1) 49 out of the 87 ACL entries were for office reference folders.   
> This is clearly a trend. [wink]
>
> 2) 43 of the 87 entries are for individual people, rather than  
> groups.  Can't we simplify things by putting some of these people  
> into some groups?
>
> 3) I see at least one fossil: bschreiber is an Enfold developer.
>
> 4) Shane is right, we have duplication of "Administrator" and  
> "Manager", for example on forums and offices/budapest (where  
> group.budapestadmins is both Admin and Manager.)
>
> 5) I think all entries that have "jhooper", "jlantz", and  
> "agalietti" could go away.  They are likely to be KarlAdmin anyway.   
> (Though I suspect jhooper might revert back.)
>
> 6) This list doesn't help us on what ACLs to remove.  For example,  
> the default rule is that staff gets to see anything in any office.   
> But what places is that not true?
>
>
> On May 18, 2009, at 9:34 PM, Shane Hathaway wrote:
>
>> Questions:
>>
>> - Karl 3 does not have a concept of "Manager".  What do those
>> permissions map to?  Moderator or administrator?
>>
>> - Most of the paths in the export file do not exist in Karl 3.  It
>> appears that the office files for all cities have been merged into a
>> single office space.  Is that right?  If so, should people who had
>> manager or administrator rights for just one city now have rights for
>> all cities?
>>
>> - I have tried to guess the mapping of Karl 2 paths to Karl 3  
>> paths, but
>> is there some document that specifies the path mapping?  Users who  
>> have
>> made bookmarks will need to know where things have moved.
>>
>> -- 
>> Migrate the security settings on office content
>> https://bugs.launchpad.net/bugs/377779
>> You received this bug notification because you are a direct  
>> subscriber
>> of the bug.
>>
>> Status in Porting KARL to a new architecture: In Progress
>>
>> Bug description:
>> For Wednesday's eval, we'll need the listing of ACL settings based  
>> on the report ChrisR sent.  We'll do it as a separate console  
>> script that can run independently of migration, thus we don't need  
>> it (many) hours in advance.
>>
>> Jason has provided an attachment with the info.
>