Page MenuHomePhabricator
Create Task
Maniphest T11325

Guest users in a corporate environment
Closed, ResolvedPublic
Actions

Description

Scenario: a corporate instance of Phabricator in which a guest user have to be involved for a specific task

Problem: the guest user should not be able to see all the rest of the corporate things but only what he has to work on

It is true that is always possible to restrict visibility of things, but instead of always forcing to use a different than "All users" visibility (that is the nice default), another possibility would be to have a specific user flag that limit his/her visibility by default.

There can be a (new) flag specifying the tags of what the custom user can see even if the objects policies allow more, and if this tags are set to "none" (default can be "all objects" as implicitly is now) the user will see just the objects that will have a custom policy explicitly allowing him/her.

Event Timeline

stevex renamed this task from Guest user to Guest users in a corporate environment.Jul 14 2016, 11:36 AM
stevex created this task.
stevex updated the task description. (Show Details)Jul 14 2016, 11:42 AM
epriestley closed this task as Resolved.Jul 14 2016, 12:47 PM
epriestley claimed this task.
epriestley added a subscriber: epriestley.

https://secure.phabricator.com/book/phabricator/article/spaces/

stevex added a comment.EditedJul 14 2016, 2:13 PM

I understand the point, but then, what do you think about "automatically" assign users to a space depending on the autentication they used to login? (i.e. only who autenticated with LDAP will belong to internal users)

Probably "can view" custom visibility policy can be used adding "allow" "authentication type" "LDAP" (or the others).

This will solve the synchronization/integration issue (of the people that belong to space) since we are talking of a lot of different legal entities in various contries that continuosly change people (and in this case LDAP is already aligned with HR systems)...

The same can be used to allow just authenticated users vs unauthenticated and probably more

chad added a subscriber: chad.Jul 14 2016, 2:17 PM

I understand the point, but then, what do you think about "automatically" assign users to a space depending on the autentication they used to login? (i.e. only who autenticated with LDAP will belong to internal users)

Something like that is better maintained locally via a fork/patch since you can do exactly what you want today vs. us waiting (years?) for other installs to show interest.

Phabricator · Built by Phacility