On 07/19/2011 02:11 PM, Hugh Brock wrote:
- We need to make sure self-service really is sane. A big part of self service is image visibility -- i.e. who can launch what where (VMWare's "Catalog" concept answers this requirement for them). A good self-service solution is going to take thinking through some use cases and some serious UX work as well.
Speaking of self-service, currently self-service user creation has been removed from the UI. It appears to be an inadvertent regression that came with the redesigned login page, but now that it's gone, it's been suggested that we didn't want it anyway -- that we _want_ explicit admin approval before a new account is enabled.
So we need to decide what to do both for 0.3.0 and for 0.4.0+
Starting with the latter, if we're integrating with ldap, etc, presumably we wouldn't want self-created self-service user accounts that _don't_ go through ldap. That said, in the case of an external user store, we may not want to automatically enable _every_ ldap user for conductor, so in this case, self-service creation might amount to a user saying "Yes I'm on ldap -- I just logged in -- now enable me for conductor." Then again if we're enabling any ldap user from doing things, why not just do that whole thing transparently on ldap/etc login -- and in the case where the admins have decided that they have to explicitly enable external ldap users for conductor, then they'd get some sort of 'access denied - -contact your administrator for access' message on login.
So back to 0.3.0 -- what here? Do we keep self-service hidden, or do we re-enable it?
Scott