[Freeipa-devel] Reorganization of Web UI navigation items

Dmitri Pal dpal at redhat.com
Tue Jun 3 21:16:40 UTC 2014 

On 06/03/2014 04:29 AM, Petr Spacek wrote:
> On 3.6.2014 09:54, Martin Kosek wrote:
>> On 06/02/2014 03:59 PM, Petr Vobornik wrote:
>>> Hi List,
>>>
>>> the purpose if this mail is to start a discussion about 
>>> reorganization of
>>> navigation items. Users are not fond of such change so we should 
>>> come up with a
>>> solution which would last for some time.
>>>
>>> Problem:
>>> UX recommendation is that one menu level should contain maximum of 7 
>>> items. We
>>> have 10 items in Identity, 7 in Policy and 7 in IPA Server. 
>>> Basically we
>>> reached max. capacity of all 1st-level items.
>>>
>>> Solution:
>>> Introduce new 1st-level items and redistribute 2nd-level items.
>>>
>>> Initial Draft:
>>>
>>> Identity (6)
>>> - Users
>>> - Groups
>>> - Hosts
>>> - Hostgroups
>>> - Netgroups
>>> - Services
>>
>> ok, though I have different division in mind.
>>
>>> Policy (5)  some better name?
>>> - HBAC
>>> - SUDO
>>> - Automount
>>> - Automember
>>> - SELinux User Maps
>>
>> I am not sure about Automount, SUDO and Automember as they are not so 
>> about
>> policy related to users but rather about central storage for native 
>> Linux
>> services - similarly to DNS.
>>
>>> Authentication (4)
>>> - Radius Server Proxy
>>> - OTP Tokens
>>> - Password Policy
>>> - Kerberos Ticket Policy
>>
>> Hm, "Policy" is indeed strange.
>>
>>> Infrastructure (6)  some better name?
>>> - DNS
>>> - Realm Domains
>>> - Trust
>>> - Views
>>> - ID Ranges
>>> - Certificates
>>>
>>> Permissions (3)
>>> - Role Based Access Control
>>> - Self Service Permissions
>>> - Delegation
>>>
>>> Configuration (1)
>>> - Global
>>
>> Let me twist your proposal a bit and come to it from different way, i.e.
>> thinking about what admin wants to do. If he wants to set up a user, 
>> he should
>> not need to go to 2 different top level items.
>>
>> Users
>> - Users
>> - Groups
>> - OTP Tokens
>> - Password Policy
>> - Automember
>>
>> Hosts
>> - Hosts
>> - Host groups
>> - Netgroups
>> - HBAC
>> - SELinux User Maps

User maps are more about users than hosts. No?

>>
>> Services
>> - Services
>> - SUDO
>> - Automount

I do not like "services" on two levels but I can't come up with an 
alternative.
>>
>> Trusts
>> - (future) Views
>> - Trust configuration
>> - Trusts

Ad other trusts in future

>>
>> Infrastructure
>> - Certificates
>> - DNS
>> - Realm Domains
>> - Kerberos Ticket Policy
>> - (future) Replication topology
>>
>> Configuration
>> - Global
>> - RBAC

Is it IPA access control?

>> - ID Ranges

I suggest different slicing:

Configuration
  - Global
  - Access control
  - Realm Domains
  - Kerberos Ticket Policy
  - ID ranges


Infrastructure
- (future) Replication topology
- DNS
- (future) Vault

I am not sure about Certificates.
Is it about root CA? Can you point me to a feature page that corresponds 
to this feature?

Should we have also:
(future) Support
- Documentation
- Project Wiki
- File issue here
...




>>
>> Does that make sense?
>
> This seems reasolable. Couple nitpicks:
> 1) "Certificates" under "Infrastructure":
> Now we don't support them for users, but this will change in 
> (distant?) future. Also, hosts have own certificates. Services can 
> have own certificates etc.
>
> Can we have e.g. "Certificates" button at two different places? (But 
> still opening the same dialog.)
>
>
> 2) "Kerberos Ticket Policy" is also related to users ...
>
> 3) "Configuration" and "Infrastructure" seems so related to me that I 
> would personally merge them.
>
>
> Anyway, this seems like a step in the right direction!
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

More information about the Freeipa-devel mailing list