I just finished watching the amazing @JimCollinson’s YouTube screencast and I was wondering about writing permissions. Example: multiple editors, role hierarchy, etc.
My understanding is that the editors of a website will be defined in the “whitelist” property of the AD that is assigned to the “domain”.
While this can work for many cases, e.g. if you are the sole owner/editor of your website, this won’t work properly in many other cases, especially on medium to large websites.
For example, imagine this forum on the SafeNetwork. Each time a new moderator is added, it will be required to change the meta of each post and asset. This is an insane amount of network resources and time.
And while this is bad for big websites, even small websites will suffer to add or remove members, as even small blogs have typically hundreds to thousands of files (assets, images, css, js), making it necessary to wait for minutes to update all metadata in case you want to add a collaborator or an IT person that will improve or fix something.
Even worse, imagine a staff member holding a grudge? Imagine that a staff member has an argument and it knows is going to be fired and decides to remove everybody’s else access or to mess up with the files. While this can be reverted (as the owner will still have access), it would help a lot if we could define roles and hierarchies in order to have damage control. I really don’t like the idea of giving your temp the same access level to your app as your managers.
And maybe it is just my lack of imagination, but I can’t imagine websites like StackOverflow, Wikipedia or any website that requires role levels on the SafeNetwork unless ACL controls are implemented. I think the only way to have these websites would be to have a central server (owned by the website owner) running a script 24/7 (a central bot) - which is a big no-no.
This topic has been (quickly) discussed before. I have suggested taking a look at Firebase’s rules and proposed a very simple solution with minimal network footprint, @happybeing suggested checking Solid Access Control Lists, @intrz suggested Capability lists, and so on but I don’t think any of this has been advanced.
Now that the project seems to be gaining traction, I hopefully wonder if ACLs are on the radar for Fleming. 