Minimize group count

fainemr

For a redesign I'm looking at ways to ease administration, specifically group count but here is the problem.  We intend to map groups to a specific taxonomy's listing for projects.

My thinking was that I could minimize acl's by using permission set templates along with alias sets to create an alias set such as:

for each project:

projecta alias set

[group]admin -> projecta_admin

[group]contributor -> projecta_contributor

[group]coordinator -> projecta_coordinator

etc...

An acl template that maps the group aliases to the permission like:

%admin = delete

%contributor = write

%coordinator = read

and so forth

However, this will still result in a large number of alias sets and groups as each project (100 or so) will need to have at least three groups, maybe more.

Is this the way to go or is there a better way?

Thanks,

-Mark

DCTM_Guru

In your example, you have not really reduce the amount of ACLs required to support 100+ projects.  The real advantage of using alias sets with PSTs is when you have multiple ACL templates (PSTs) that you can define.  This normally occurs when you try to define ACLs to match lifecycle states.  If you only have 1 acl template, then you havent really reduce the number of objects required.

In your example, if a user can ONLY belong to one of the groups at a time, then you change the mapping of user to three groups to group and an attribute.  In other words, istead of defining 3 groups, you can define group_name and group_role (2 objects).  Doesnt seem ti save much from an administration perspective, but this approach would be more advantageous if you add more roles for that group.