[Plone-UI] workflow issues

nguyen at uwosh.edu nguyen at uwosh.edu
Mon Aug 12 15:09:35 UTC 2013


I agree the terminology seems inconsistent, and I'd like to see at a glance if an item has been granted any special sharing "permissions", and to whom.

	Kim

On Aug 12, 2013, at 4:42 AM, Dylan Jay <djay at pretaweb.com> wrote:

I think I derailed the conversation by talking about solutions. 
I was really just interested to find out how many others also see sharing and roles as usability problems in Plone?


---
Dylan Jay
Technical Solutions Manager
PretaWeb: Multisite Performance Support
P: +612 80819071 | M: +61421477460 | twitter.com/pretaweb | linkedin.com/in/djay75



On 10/08/2013, at 7:16 AM, Dylan Jay <djay at pretaweb.com> wrote:

> This was largely a ui question of how to make it less confusing. 
> So technically there is a performance difference but what if we adjusted the portal root sharing tab to be a special case where instead of using a local role it set a global role. 
> Or I'm open to any other idea that makes it less confusing. 
> 
> Dylan Jay
> Technical solution manager
> PretaWeb 99552830
> 
> On 10/08/2013, at 2:45 AM, Alec Mitchell <alecpm at gmail.com> wrote:
> 
>> Adjusting local roles on the root of the site requires a full reindex of the site and can take hours on a large site.  It's also likely to result in conflict errors and retries.  This goes for roles to both users and groups, but groups have the major advantage that users can subsequently be added/removed without requiring any reindexing.  Setting of local roles at the site root should absolutely not be encouraged or made standard policy.
>> 
>> 
>> On Fri, Aug 9, 2013 at 9:15 AM, Vincent Fretin <vincent.fretin at gmail.com> wrote:
>> On Fri, Aug 9, 2013 at 5:30 PM, Sean Upton <sdupton at gmail.com> wrote:
>> On Fri, Aug 9, 2013 at 2:55 AM, Guido Stevens <guido.stevens at cosent.net> wrote:
>>> Thomas Desvenain mentioned to me performance issues when using local roles,
>>> since these are indexed for each object. He works around that somehow by
>>> assigning users to groups and then giving rights to those groups.
>> 
>> AFAICT, there should be no performance issues for catalog query
>> operations against allowedRolesAndUsers, but the default
>> (borg.localrole) and most custom PAS local role manager plugins are
>> going to check __ac_local_roles__ all the way up the acquisition chain
>> when you do a save and a traversal -- usually that is not too big of a
>> deal.
>> 
>> Sean
>> 
>> Hi,
>> 
>> Thomas is right. You can have a performance issue when adding a local role to a user or group on the root because it does root.reindexObjectSecurity() which is called recursively on the children. Adding a local role to a group and then adding user to the group is ok because it only does the reindexObjectSecurity when you add the local role to the group.
>> I have a customer site where adding a local role on the root can take 2 minutes or more... (primary because of low cpu on the VM and Active Directory connection I think)
>> 
>> Vincent Fretin
>> Ecreall
>> http://www.ecreall.com
>> 
>> 
>> _______________________________________________
>> UI mailing list
>> UI at lists.plone.org
>> https://lists.plone.org/mailman/listinfo/plone-ui
>> 
>> 
>> _______________________________________________
>> UI mailing list
>> UI at lists.plone.org
>> https://lists.plone.org/mailman/listinfo/plone-ui

_______________________________________________
UI mailing list
UI at lists.plone.org
https://lists.plone.org/mailman/listinfo/plone-ui



More information about the UI mailing list