Re: "dynamic" acls

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Thursday, January 22, 2004 11:42 AM +0100 Turbo Fredriksson 
<turbo@bayour.com> wrote:

> > > > > > "Quanah" == Quanah Gibson-Mount <quanah@stanford.edu> writes:
>
>     Quanah> ACI's work for some environments, but they definitely
>     Quanah> won't work for mine, where ACL's are all entirely tree
>     Quanah> based, not entry based.  Maybe they will work for the
>     Quanah> person who wants that functionality though.
>
> Tree based ACL can be 'simulated' with ACI's. It's just a matter
> of making sure your administration program can recursivly modify
> ACI's. It's not easy, but it CAN be done.
>
> My phpQLAdmin does this (not perfectly recursive yet though).

I have approximately 400k plus entries, with about 30-40 attributes in each 
entry, many of which can have different access values from each other.  It 
would be horribly ugly, and a nightmare to maintain. ;)

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html