Skip to main content

Role based client access

8 replies [Last post]
steflik
Offline
Joined: 2009-06-29
Points: 0

Has anyone given thought to making the client role based so that once a world is deployed to a production environment that many of the client controls (including drag'n'drop ) object placement is disabled so that a user cannot either accidentally or intentionally deface the world? or only letting users with specific roles (like instructors) be able to add the pdf viewer or whiteboard to the environment , what about automatic removal of objects that have been left laying around.

Dick Steflik
Binghamton University

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
hermetic_cab
Offline
Joined: 2008-06-22
Points: 0

Hmm, not sure if I should file an enhancement request now, I would like to read more ideas/comments from others about how role based client access could be enhanced first?

Another idea came up here, that maybe the easiest fix would be to change the top scene node, attach 'world' as a real node, where security can be applied.

It could maybe allow to give a world a name (and so open ways to have different 'worlds'/rooms on one wonderland-server running simultaniously: with filters for users in them like on different branchs of a tree).

> One thing I've noticed about SL is that the terrain is hilly

Ric I have no idea how the fact that terrain in SL is hilly and things of rendering improvment could enhance the role based client access?
Accidently mixed threads?

hermetic_cab
Offline
Joined: 2008-06-22
Points: 0

Since no one did post any own ideas further on this topic:

Added the ENHANC-request like kaplanj suggested:
ISSUE# 1129
https://wonderland.dev.java.net/issues/show_bug.cgi?id=1129

'administrator be able to limit objects a user can create'
in category 'module system'

Hope I did this correct.

Kaplanj, do you want me to file a bug of that 'escape-possibillity' of the (world-)container too?
I think this is way more serious, cause we can't limit users to drop things on world generally.
(they can 'escape' all container-limits if they 'walk' long enought)
Could be fixed if its possible to add a container to the (world)top-node, the wonderland dont allow such yet.

kaplanj
Offline
Joined: 2004-07-13
Points: 0

Yes, please file the "escape" thing as a bug, since it should be possible to lock down worlds as you describe.

Ric Moore

On Thu, 2009-12-03 at 14:52 -0800, wonderland@javadesktop.org wrote:
> These are great suggestions.
>
> As you have noticed, you can do some of what you want (prevent
> creation of new objects) by using a container. Unfortunately there is
> no way to create a container the size of the whole world. I would
> suggest for now creating a world with a large floor space and a
> horizon that encompasses most of the initially visible area of the
> world, and making that a container. That will give an approximation
> of what you are looking for, since people will have to go far away
> (out of range of the starting location) to create any new content.
>
> Please file an enhancement request in the bug tracker for the other
> functionality. A few people have asked to limit the types of objects
> people can create in a particular space. Do you have any thoughts on
> how an administrator might express what types are or aren't allowed in
> a space?
> [Message sent by forum member 'kaplanj' ]

One thing I've noticed about SL is that the terrain is hilly. So,
line-of-sight is reduced significantly from a flat terrain and, to my
thinking, improves the frame rate. I get almost double the frame-rate in
SL over Wonderland and wonder if this accounts for some of that???? Ric

nicoley
Offline
Joined: 2007-02-12
Points: 0

Dick,

If I understand your use case correctly, I believe you can already accomplish what you're suggesting by adding the security capability to objects. Using the Server Admin web UI or the in-world Group editor (select Edit --> Groups...), you can create user groups. If you create a "world admin" group, for example, you can make all the world content that you don't want others to mess with editable only by people in this group.

It's useful to combine the container capability with security. For example, you could make a building into a container and add the security capability described above. Now when any "world admin" users create new content in that building, the new objects will automatically inherit the security properties of the building.

Does that make sense?

Nicole.

hermetic_cab
Offline
Joined: 2008-06-22
Points: 0

had the same problem:
http://forums.java.net/jive/thread.jspa?threadID=70157&tstart=0

The problem is that people tend to drag and drop a lot, once they understand how that feature works.
So the problem is that somehow, one needs to have a way to limit this.
-is there a way to limit access to start apps (better dont show icon of apps generally in shortcuts list, nor show that objects in objects list to add them to world)?
-how to limit objects that can be created (types, bandwith etc)?
-is there a way, that if users dont have a specified role, all they created, will be removed automatical after leave?

I found the info of groups/security (nice feature!), but that only works for already created objects in world, right?

If I understand it correct,
can you give a bit more info how I make the whole world into a container, so users cant drop things in it without the propper rights?

kaplanj
Offline
Joined: 2004-07-13
Points: 0

These are great suggestions.

As you have noticed, you can do some of what you want (prevent creation of new objects) by using a container. Unfortunately there is no way to create a container the size of the whole world. I would suggest for now creating a world with a large floor space and a horizon that encompasses most of the initially visible area of the world, and making that a container. That will give an approximation of what you are looking for, since people will have to go far away (out of range of the starting location) to create any new content.

Please file an enhancement request in the bug tracker for the other functionality. A few people have asked to limit the types of objects people can create in a particular space. Do you have any thoughts on how an administrator might express what types are or aren't allowed in a space?

hermetic_cab
Offline
Joined: 2008-06-22
Points: 0

>Do you have any thoughts on how an administrator might express what types are or aren't allowed in a space?

I could think of two ways to archive it.
Maybe the fastest way would be to use the already working object of a container, but make it possible to use it as a 'virtual node': Allow a container to have security features, and make it possible to be added on the top-world node itself too, so people would have no 'escape' from it?
That container could have a list to add installed apps/modules working in it.
(The same could be archived if security could be added to top-world node, using security as a node, instead of a container.)

That would archive a very fine-tune way, to have different apps on sub-set parts (places) in world for different users.
I think an object-hierachy browser would be good to be accessible from admin interface too, so things can be configured without needed to log in world as user (more fail-prove).

A more generalisized way would be to add from a list of apps/modules on admin-interface in user manager or group manager.
But that would not have the nice feature of the first solution, to have changing apps/modules on hand, on different places in world.

Fallback could be, if there are no apps/modules in the world defined, all of them are working everywhere by default.

For the bandwith/app-instances count-feature and remove-own-objects-after-logout, I would prefere a more generalisized way by user-manager in admin-UI.

Well, maybe steflik or others could write his/their ideas also.