Cats & Dogs - Cloudron Groups and Users Visibility
Lets say that there are several groups of users on a Cloudron. How do we manage things so that the Cats Group only ever see other cats, and the Dogs Group only see the dogs? There is another Group, the Monkeys, a sort of mandarin Group, a mandarin class who are involved in the administration of the Cloudron, to a limited extent.
If I grant the User Lion "User Manager" status, or "email and User Manager" status, that big Cat is now able to discover all the dogs, and monkeys.
It might be handy to grant Lion some greater powers, as they could be relied upon to invite other cats into the Cloudron Cat group.
Is it possible to create a Group within a Group, for example a "Big Cat" group, which could see only other cats or some of the monkeys?
Generally we are designing Cloudron more for the single organization use-case and try to not pull in too much on the horizontal "scaling" aspect to keep things simple and easier to manage. If you need use managers for specific groups only, then most likely it is a better approach to isolate those organzations currently on two distinct Cloudrons, while having the "monkey" group as I guess somewhat admins on both Cloudrons (those could be synced from an admin specific Cloudron via the external ldap and user directory features). I know this is not the sleekest solution for your use-case but adding more fine-grained user management and access control capabilities, quickly explodes in complexity for us.
@nebulon ok, that sounds good. It is much safer to have those groups on different cloudrons too. I just thought that the functionality was there but I hadn't discovered it.
ruihildt last edited by
@nebulon I understand that view, but then isn't the multi-node Cloudron at odds with that point of view?
Isn't that some kind of horizontal scaling?
@ruihildt yeah I guess horizontal scaling is not the correct term for what I meant. I believe, viewing one Cloudron instance (which may consist of multiple servers in the future) for one organization is what we are aiming for. Not the scaling for multi-tenancy of organizations (the scaling more applicable for SaaS offerings)