Allow Breaking Of Inheritance Instead of Requiring Precedence Settings
Maybe I am missing something but it appears to me the approach to permissions in Geocortex is a little off. For comparison sake lets use the Windows File system as a comparison. Both the Site hierarchy and Win File System are hierarchial in nature. Both have the concept of inheriting permissions. Both have Deny taking precedence over Allow. However the inability to break inheritance and re-specify permissions to me is a shortcoming in Essentials.
Case in point (and case for almost all apps I build):
We have a group called Domain Users in which everyone in our AD domain is part of. I want all my authenticated Domain Users to use a site, but not all components in a site. Logic would state that I grant permissions to the whole Site to domain\Domain Users group. Now I have a few workflows in that site that only certain groups should be allowed to use. Under the Windows File System implementation I would simply break inheritance at the individual workflow (not all workflows because there are some meant for everyone to use) and then grant permissions to the group that needs access to that workflow. This is where Essentials fails. It shouldn't require a Precedence setting. It should simply be an Inheritance="True" or Inheritance="False" at which point I redefine the permissions at any given level.
The current implementation is more complex than it needs to be and could simplified by simply using the Inheritance value to restructure permissions at any given level. There should be no need to have to go into the Site.xml an flip/change Precedence settings.
Case in point (and case for almost all apps I build):
We have a group called Domain Users in which everyone in our AD domain is part of. I want all my authenticated Domain Users to use a site, but not all components in a site. Logic would state that I grant permissions to the whole Site to domain\Domain Users group. Now I have a few workflows in that site that only certain groups should be allowed to use. Under the Windows File System implementation I would simply break inheritance at the individual workflow (not all workflows because there are some meant for everyone to use) and then grant permissions to the group that needs access to that workflow. This is where Essentials fails. It shouldn't require a Precedence setting. It should simply be an Inheritance="True" or Inheritance="False" at which point I redefine the permissions at any given level.
The current implementation is more complex than it needs to be and could simplified by simply using the Inheritance value to restructure permissions at any given level. There should be no need to have to go into the Site.xml an flip/change Precedence settings.
0
-
Can someone change the title for me seeing we are not allowed to edit:
Allow Breaking Of Permission Inheritance Instead of Requiring Precedence Settings0
Please sign in to leave a comment.
Comments
1 comment