[Freeipa-devel] Reorganization of Web UI navigation items

Petr Spacek pspacek at redhat.com
Tue Jun 3 08:29:05 UTC 2014 

On 3.6.2014 09:54, Martin Kosek wrote:
> On 06/02/2014 03:59 PM, Petr Vobornik wrote:
>> Hi List,
>>
>> the purpose if this mail is to start a discussion about reorganization of
>> navigation items. Users are not fond of such change so we should come up with a
>> solution which would last for some time.
>>
>> Problem:
>> UX recommendation is that one menu level should contain maximum of 7 items. We
>> have 10 items in Identity, 7 in Policy and 7 in IPA Server. Basically we
>> reached max. capacity of all 1st-level items.
>>
>> Solution:
>> Introduce new 1st-level items and redistribute 2nd-level items.
>>
>> Initial Draft:
>>
>> Identity (6)
>> - Users
>> - Groups
>> - Hosts
>> - Hostgroups
>> - Netgroups
>> - Services
>
> ok, though I have different division in mind.
>
>> Policy (5)  some better name?
>> - HBAC
>> - SUDO
>> - Automount
>> - Automember
>> - SELinux User Maps
>
> I am not sure about Automount, SUDO and Automember as they are not so about
> policy related to users but rather about central storage for native Linux
> services - similarly to DNS.
>
>> Authentication (4)
>> - Radius Server Proxy
>> - OTP Tokens
>> - Password Policy
>> - Kerberos Ticket Policy
>
> Hm, "Policy" is indeed strange.
>
>> Infrastructure (6)  some better name?
>> - DNS
>> - Realm Domains
>> - Trust
>> - Views
>> - ID Ranges
>> - Certificates
>>
>> Permissions (3)
>> - Role Based Access Control
>> - Self Service Permissions
>> - Delegation
>>
>> Configuration (1)
>> - Global
>
> Let me twist your proposal a bit and come to it from different way, i.e.
> thinking about what admin wants to do. If he wants to set up a user, he should
> not need to go to 2 different top level items.
>
> Users
> - Users
> - Groups
> - OTP Tokens
> - Password Policy
> - Automember
>
> Hosts
> - Hosts
> - Host groups
> - Netgroups
> - HBAC
> - SELinux User Maps
>
> Services
> - Services
> - SUDO
> - Automount
>
> Trusts
> - (future) Views
> - Trust configuration
> - Trusts
>
> Infrastructure
> - Certificates
> - DNS
> - Realm Domains
> - Kerberos Ticket Policy
> - (future) Replication topology
>
> Configuration
> - Global
> - RBAC
> - ID Ranges
>
> Does that make sense?

This seems reasolable. Couple nitpicks:
1) "Certificates" under "Infrastructure":
Now we don't support them for users, but this will change in (distant?) 
future. Also, hosts have own certificates. Services can have own certificates etc.

Can we have e.g. "Certificates" button at two different places? (But still 
opening the same dialog.)


2) "Kerberos Ticket Policy" is also related to users ...

3) "Configuration" and "Infrastructure" seems so related to me that I would 
personally merge them.


Anyway, this seems like a step in the right direction!

-- 
Petr^2 Spacek

More information about the Freeipa-devel mailing list