Forum OpenACS Development: Re: Scalability of acs_objects and acs_object_context_index

It's not clear why ArsDigita wrote its packages to define so many new privileges.  The permissions design document urges one to be conservative about doing so; presumably someone in the core team changed their mind about that during the early days of ACS 4.0 without changing the documentation.

Do any of our Ars Digitans know?

The case you describe is just about the only use for these "foo-admin" etc. privileges I've heard.  But as you say, it's really not sufficient reason if it imposes a performance penalty, and I know for certain it does.  It would just be a convenience to subsite admins, that's all, and there are other ways it could be implemented.

If we only had a handful of privileges in the system, it would make the generalized permissions admin UI a lot more usable, too.  Right now you're presented with a whole list of "foo-admin", "bar-admin" etc. privileges you can map to a given object even though they don't have any meaning in most cases (elsewhere I've discussed possibly adding a mechanism to restrict the object types a particular privilege can be assigned to, but if we cut down the privileges in the system to a rational set this might not be necessary).

Here's a thread about permissions hierarchy to refresh your memory:

https://openacs.org/forums/message-view?message_id=26613

Not a particularly flattering look at my early post-aD days, but oh well.  It does discuss why I ended up creating "glossary_admin", etc.

Enjoy my defensive responses,