[Building Sakai] Sakai 10 and Adminlite
Kurosch Petzold
kurosch.petzold at fu-berlin.de
Tue Jul 8 09:05:48 PDT 2014
Hey,
sorry I actually forgot to put down the sakai.realms tool too.
I guess that will not work either without any changes at the source.
Best regards,
Kurosch
> The "users" and "usermembership" may have to be updated to use Sakai realm
> permissions in order to use DA tool with them. The "roster" tool should
> be
> fine.
>
> -Bryan
>
>
> On Tue, Jul 8, 2014 at 10:57 AM, Kurosch Petzold <
> kurosch.petzold at fu-berlin.de> wrote:
>
>> hey,
>>
>> > I've actually never tried adding the admin workspace to the hierarchy
>> and
>> > assigning non admins to it. I would assume it works fine. I would be
>> > worried about special tools that don't check for permissions and
>> assume
>> > that it's an admin tool since it's in the admin workspace. You don't
>> need
>> > to worry about the "Become User" tool anymore since there are new
>> checks
>> > in
>> > Sakai 10x to make sure the user is an actual admin user and not a DA
>> user.
>> > DA user's can be granted access to use the Become User tool only for
>> > users
>> > within their hierarchy access. What are you wanting the user to have
>> > access to?
>>
>> We would like the user to have read permissions for:
>> [] roster
>> [] users
>> [] usermembership
>>
>> Best regards,
>> Kurosch
>>
>>
>>
>>
>>
>> > -Bryan
>> >
>> >
>> > On Tue, Jul 8, 2014 at 10:08 AM, Kurosch Petzold <
>> > kurosch.petzold at fu-berlin.de> wrote:
>> >
>> >> Does this include the admin workspace?
>> >>
>> >> Best regards,
>> >> Kurosch
>> >> >>We would like a Support role that basically is an admin with view
>> >> > permission only.
>> >> >
>> >> > This is what the Delegated Access tool was designed for. Since you
>> >> have
>> >> a
>> >> > specific use case in mind, you should create a new realm and turn
>> on
>> >> the
>> >> > view only permissions and turn off the edit/remove permissions.
>> Then
>> >> you
>> >> > can choose users who will get these permissions in any set or
>> subset
>> >> of
>> >> > sites (including all sites).
>> >> >
>> >> > -Bryan
>> >> >
>> >> >
>> >> > On Tue, Jul 8, 2014 at 9:48 AM, Kurosch Petzold <
>> >> > kurosch.petzold at fu-berlin.de> wrote:
>> >> >
>> >> >> Hey Neal,
>> >> >>
>> >> >> We would like a Support role that basically is an admin with view
>> >> >> permission only. By the way are there any plans to change the
>> >> >> administration setup from centralized security officers to
>> >> decentralized
>> >> >> role-based access control, i.e. implementing ARBAC[0];[1];
>> >> >>
>> >> >>
>> >> >> [0]
>> >> >>
>> >> >>
>> >>
>> http://www.computer.org/cms/Computer.org/dl/mags/co/1996/02/figures/r20384.gif
>> >> >> [1]http://www.computer.org/csdl/mags/co/1996/02/r2038.html
>> >> >>
>> >> >> Best regards,
>> >> >> Kurosch Petzold
>> >> >> > Which functionality do you need that is not in Delegated Access?
>> >> >> >
>> >> >> > -- Neal
>> >> >> >
>> >> >> >
>> >> >> >> Kurosch Petzold <mailto:kurosch.petzold at fu-berlin.de>
>> >> >> >> July 8, 2014 at 9:31 AM
>> >> >> >> Hi Neal,
>> >> >> >>
>> >> >> >>> Have you looked at the Delegated Access tool, to see if that
>> will
>> >> >> meet
>> >> >> >>> your needs?
>> >> >> >>>
>> >> >> >>>
>> >> https://confluence.sakaiproject.org/display/DAC/Delegated+Access+Tool
>> >> >> >>>
>> >> >> >>> I know it is not quite the same thing, but maybe enough of an
>> >> >> overlap?
>> >> >> >>>
>> >> >> >>
>> >> >> >> we checked the Delegated Access tool and we will be using it.
>> >> However
>> >> >> >> the
>> >> >> >> missing functionality would be appreciated by our
>> administration
>> >> for
>> >> >> >> management and permission reasons.
>> >> >> >>
>> >> >> >>
>> >> >> >>>> Matthew Jones<mailto:matthew at longsight.com>
>> >> >> >>>> July 8, 2014 at 9:06 AM
>> >> >> >>>> That link didn't work for me? Was it this link?
>> >> >> >>>>
>> >> >> >>>> https://confluence.sakaiproject.org/display/ADMX/Home
>> >> >> >>>>
>> >> >> >>>> There is a note there that says it's unsupported since 2.8,
>> but
>> >> >> should
>> >> >> >>>> work as the webservices haven't significantly changed, just
>> >> nothing
>> >> >> >>>> added/fixed. In Sakai 11, we plan to remove all the existing
>> >> axis
>> >> >> >>>> webservices in favor of CXF so that would break this tool.
>> The
>> >> CXF
>> >> >> >>>> services are already available in Sakai 10 so they would be
>> >> >> preferred.
>> >> >> >> I was looking for adminlite support not adminX ;)
>> >> >> >> We do not want to use adminX because it is deprecated.
>> >> >> >>
>> >> >> >>
>> >> >> >> Best regards,
>> >> >> >> Kurosch
>> >> >> >>
>> >> >> >>
>> >> >> >> Neal Caidin <mailto:neal.caidin at apereo.org>
>> >> >> >> July 8, 2014 at 9:09 AM
>> >> >> >> Hi Kurosch,
>> >> >> >>
>> >> >> >> Have you looked at the Delegated Access tool, to see if that
>> will
>> >> >> meet
>> >> >> >> your needs?
>> >> >> >>
>> >> >> >>
>> >> https://confluence.sakaiproject.org/display/DAC/Delegated+Access+Tool
>> >> >> >>
>> >> >> >> I know it is not quite the same thing, but maybe enough of an
>> >> >> overlap?
>> >> >> >>
>> >> >> >> Cheers,
>> >> >> >> Neal
>> >> >> >>
>> >> >> >>
>> >> >> >> Matthew Jones <mailto:matthew at longsight.com>
>> >> >> >> July 8, 2014 at 9:06 AM
>> >> >> >> That link didn't work for me? Was it this link?
>> >> >> >>
>> >> >> >> https://confluence.sakaiproject.org/display/ADMX/Home
>> >> >> >>
>> >> >> >> There is a note there that says it's unsupported since 2.8, but
>> >> >> should
>> >> >> >> work as the webservices haven't significantly changed, just
>> >> nothing
>> >> >> >> added/fixed. In Sakai 11, we plan to remove all the existing
>> axis
>> >> >> >> webservices in favor of CXF so that would break this tool. The
>> CXF
>> >> >> >> services are already available in Sakai 10 so they would be
>> >> >> preferred.
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> sakai-dev mailing list
>> >> >> >> sakai-dev at collab.sakaiproject.org
>> >> >> >> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>> >> >> >>
>> >> >> >> TO UNSUBSCRIBE: send email to
>> >> >> >> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> >> >> >> "unsubscribe"
>> >> >> >> Kurosch Petzold <mailto:kurosch.petzold at fu-berlin.de>
>> >> >> >> July 8, 2014 at 6:50 AM
>> >> >> >> Hey guys,
>> >> >> >>
>> >> >> >> just a question does the adminlite tool[1] by any chance be
>> >> updated
>> >> >> to
>> >> >> >> support Sakai 10 in the near future?
>> >> >> >> Or is this tool dead?
>> >> >> >>
>> >> >> >> Best regards,
>> >> >> >> Kurosch Petzold
>> >> >> >>
>> >> >> >>
>> >> >> >> [1] jira.sakaiproject.org/ADMX
>> >> >> >>
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> sakai-dev mailing list
>> >> >> >> sakai-dev at collab.sakaiproject.org
>> >> >> >> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>> >> >> >>
>> >> >> >> TO UNSUBSCRIBE: send email to
>> >> >> >> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> >> >> >> "unsubscribe"
>> >> >> >
>> >> >>
>> >> >>
>> >> >> --
>> >> >> Best regards,
>> >> >> Kurosch Petzold
>> >> >>
>> >> >> _______________________________________________
>> >> >> sakai-dev mailing list
>> >> >> sakai-dev at collab.sakaiproject.org
>> >> >> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>> >> >>
>> >> >> TO UNSUBSCRIBE: send email to
>> >> >> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> >> >> "unsubscribe"
>> >> >>
>> >> >
>> >>
>> >>
>> >> --
>> >> Best regards,
>> >> Kurosch Petzold
>> >>
>> >>
>> >
>>
>>
>> --
>> Best regards,
>> Kurosch Petzold
>>
>>
>
--
Best regards,
Kurosch Petzold
More information about the sakai-dev
mailing list