Dear Stephen,
>> I still think that removing groups and having per-cluster roles is not a
>> good idea. The better way would be to keep user/group and add per-catalog
>> roles. There is an opportunity which is being missed, and that won't show
>> up later.
>
> I really disagree with you here. I feel it makes much more sense to do
> this in stages, first user/group -> roles, then roles-per-catalog, which
> means you can then have both per-catalog 'users' and per-catalog
> 'groups', if you want to limit your view to that.
I don't think that having two kinds of roles (per-cluster and per-catalog)
would be a practical thing from the user perspective. From the
implementation point of view, two tables will be needed. If you don't
create roles directly in the right scope, it will create confusion later.
The two concept need to have two different names so that they can be
understood. Moreover, a working per-cluster grouping was already
available. Changing the role scope will be much harder than creating a
role directly in the good scope.
From the implementation perspective, there is more work at adding
per-cluster roles and removing per-cluster group and then later try to add
per-catalog roles than adding per-catalog roles directly without touching
the existing group stuff.
So I'm afraid that the opportunity is missed and that per-catalog role
will never get in. Well, at least you look more optimistic than me;-)
--
Fabien.
