Does anyone have opinions on what permissions should be required for the mismatches functionality?
I am in favor of just using the existing roles&permissions to determine if a user can view (and fix) these. If they don't have permission to control one or more of the required resources to fix, then they would be prevented from fixing; they'd need to seek someone with more permissions.
The other choice is that only admin users can fix. However, I am very much against this as I believe depending on admin privileges for any normal operation defeats the purpose of having roles&permissions, organizations, etc. I'd want to be able to make an "organization admin" that can fix mismatches in only their own org, not all orgs.
Timely input either here or on the pull-request[1] welcome. Note that the p-r is simply to hide the functionality completely if the user doesn't have the most basic view_host permission. Depending on our discussion, if it's agreed that it needs to be linked to permissions, then this p-r could go in and other redmine issues filed for full feature.
[1] https://github.com/theforeman/foreman/pull/1719
···
--
@thomasmckay
–
“The leader must aim high, see big, judge widely, thus setting himself apart form the ordinary people who debate in narrow confines.” ~ Charles De Gaulle
“Leadership is about making others better as a result of your presence and making sure that impact lasts in your absence.” ~ Harvard Business School
As a follow-up on the topic, the permission for mismatches is tied to being able to edit organization and locations (or as an admin). Thanks @josephmagen!
https://github.com/theforeman/foreman/pull/1754
···
----- Original Message -----
>
> Does anyone have opinions on what permissions should be required for the
> mismatches functionality?
>
> I am in favor of just using the existing roles&permissions to determine if a
> user can view (and fix) these. If they don't have permission to control one
> or more of the required resources to fix, then they would be prevented from
> fixing; they'd need to seek someone with more permissions.
>
> The other choice is that only admin users can fix. However, I am very much
> against this as I believe depending on admin privileges for any normal
> operation defeats the purpose of having roles&permissions, organizations,
> etc. I'd want to be able to make an "organization admin" that can fix
> mismatches in only their own org, not all orgs.
>
> Timely input either here or on the pull-request[1] welcome. Note that the p-r
> is simply to hide the functionality completely if the user doesn't have the
> most basic view_host permission. Depending on our discussion, if it's agreed
> that it needs to be linked to permissions, then this p-r could go in and
> other redmine issues filed for full feature.
>
> [1] https://github.com/theforeman/foreman/pull/1719
>
> --
> @thomasmckay
>
> --
> "The leader must aim high, see big, judge widely, thus setting himself apart
> form the ordinary people who debate in narrow confines." ~ Charles De Gaulle
>
> "Leadership is about making others better as a result of your presence and
> making sure that impact lasts in your absence." ~ Harvard Business School
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-users+unsubscribe@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.
>
