I've recently been working on a project management program (getting there) and have started to wrestle with the security model. Basically it uses a standard, open source gacl (general access control library) that tries to deal with every likely possibility. The gacl idea is to allow modules to be defined and, within each module, 5-7 permission layers that can be set per user and/or group - for both access and denial of access - I know, confusing. For example: if you have an application with a Company module and a user Contact module, and within each you can Create/Update/Delete (CrUD) and View, then you have 2 modules x 4 actions x 2 possible settings (allow/deny) = 16; multiply that by the number of users - say 100 - and you get 1600 table entries for the security module (roughly speaking). While the general idea of a generic approach makes sense, the problem comes into play when you start to scale. I've seen similar modules used to support a 20 module system for 100,000 users, producing 160,000,000 records in the security database.....basically killing the system.
The basic argument for using a generic gacl is that it provides a consistent framework and reduces code support and issues - and it's made to accommodate all potential needs.
Here's my issue with this:
there are always exceptions (what if there's a single field in a module that needs special security handling? for certain users? for certain data? - a bank system that does not allow tellers to cash out accounts for consumers with an 'interesting' criminal background)
it really doesn't scale well
it's so complex that handling it and implementing the model (each module would need it) takes time/effort and invites coding mistakes.
AND what if there were really only 2 types of users? updaters and viewers? Have a separate object, yes - millions of rows of security data in a complex security model....no.......
My advice - understand the needs and data prior to implementing an overly complex generic approach - YOU CAN'T ACCOMMODATE EVERY POSSIBILITY SO DON'T TRY - make the solution specific to the need.
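To make the scaling point concrete, here is an added example (my own illustration, not dotProject or phpGACL code, and written in Python rather than PHP so it can be run anywhere): a small ACL that assigns permissions to a couple of roles ("updater" and "viewer"), assigns users to roles, and keeps per-user deny entries only for the genuine exceptions. Explicit deny always wins and anything not granted is denied by default. The `materialised_rows` function computes the fully expanded per-user allow/deny matrix the post describes (2 modules x 4 actions x 2 settings x users), so the two storage models can be compared for the same 100 users. Role names, module names and the user naming scheme are constructed for the example.

```python
"""Role-based ACL with deny-overrides and default-deny, compared against a
fully materialised per-user allow/deny matrix.  Constructed example."""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

Perm = Tuple[str, str]  # (module, action), e.g. ("company", "view")

# Constructed module/action set matching the post's 2 x 4 example.
MODULES = ("company", "contact")
ACTIONS = ("create", "update", "delete", "view")


@dataclass
class Acl:
    role_allow: Dict[str, Set[Perm]] = field(default_factory=dict)
    role_deny: Dict[str, Set[Perm]] = field(default_factory=dict)
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)
    user_deny: Dict[str, Set[Perm]] = field(default_factory=dict)  # exceptions only

    def grant(self, role: str, module: str, action: str) -> None:
        self.role_allow.setdefault(role, set()).add((module, action))

    def deny_role(self, role: str, module: str, action: str) -> None:
        self.role_deny.setdefault(role, set()).add((module, action))

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def deny_user(self, user: str, module: str, action: str) -> None:
        self.user_deny.setdefault(user, set()).add((module, action))

    def check(self, user: str, module: str, action: str) -> bool:
        """Explicit deny (user or role) beats allow; no allow at all means deny."""
        perm = (module, action)
        if perm in self.user_deny.get(user, set()):
            return False
        roles = self.user_roles.get(user, set())
        if any(perm in self.role_deny.get(r, set()) for r in roles):
            return False
        return any(perm in self.role_allow.get(r, set()) for r in roles)

    def stored_rows(self) -> int:
        """Rows actually needed in a normalised role-based store."""
        tables = (self.role_allow, self.role_deny, self.user_roles, self.user_deny)
        return sum(len(entries) for t in tables for entries in t.values())


def materialised_rows(n_users: int, n_modules: int = len(MODULES),
                      n_actions: int = len(ACTIONS)) -> int:
    """Rows in a per-user matrix holding an allow and a deny for every action."""
    return n_users * n_modules * n_actions * 2


def build_demo(n_users: int) -> Acl:
    """Two roles, every tenth user an updater, one role deny, one user exception."""
    acl = Acl()
    for m in MODULES:
        acl.grant("viewer", m, "view")
        for a in ACTIONS:
            acl.grant("updater", m, a)
    acl.deny_role("updater", "company", "delete")   # nobody deletes companies
    for i in range(n_users):
        acl.assign(f"user{i}", "updater" if i % 10 == 0 else "viewer")
    acl.deny_user("user0", "contact", "update")     # the single-user exception
    return acl


if __name__ == "__main__":
    acl = build_demo(100)
    print("role-based rows:", acl.stored_rows())        # 112
    print("materialised rows:", materialised_rows(100))  # 1600
    print(acl.check("user0", "company", "create"),   # True  (updater)
          acl.check("user0", "company", "delete"),   # False (role deny)
          acl.check("user0", "contact", "update"),   # False (user deny)
          acl.check("user1", "contact", "update"),   # False (viewer, no allow)
          acl.check("nobody", "company", "view"))    # False (default deny)
```

The row count grows with the number of roles and exceptions rather than with users times modules times actions, which is the point of knowing the real user types before committing to a generic model; the deny-before-allow ordering in `check` is what lets the few real exceptions be expressed without a full matrix.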
Thanks to a comment from Keith regarding web2Project - a branching of dotProject - I've been able to make some significant advances on the 'simplifying' of dotProject. I'm trying to be as strict as possible - following Occam's Razor....some recent changes include:
removing any % progress complete - you're either done or not...(something beaten into me some years ago)
removing departments...it's a PM tool not a contact management tool
removing $ fields - it's a PM tool not a budget tool
setting project status to Initiation, Planning, Execution/Control, Closeout, Complete and On-Hold...PMBOK 101
setting company types to active and inactive (there were 5 categories...not sure why)
removing internal hard coding
Overall - the initial developers and those currently supporting web2Project seem to have put a lot of good thought and effort into the code base - but like too many cooks in the kitchen, the product seems to have gotten feature bloat. Let's see what damage I can do to it. Hoping to have the PM tool simplified by the end of this week, and then I want to tackle the security model.
I was working with a company on setting up a project management system - the selected tool was dotProject. dotProject is an open source PM tool, one of the few complete ones out there - it has a wide (from what I can tell) user base - but compared to some of the commercial software (SmartSheet, QuickBase, etc.) it really doesn't compare...but it's free and has potential. So, in talking with the owner of the company - a very pro-open source person (morals do count) - I decided to take a shot at 'cleaning up' dotProject.......above is my first pass at items I would like to accomplish.....
Hoping to provide progress reports over the next month or so...and potentially have it re-released (open source of course) in 6-8 weeks. This is the first open source venture I'm the primary developer on (getting out the ole' PHP reference book now). Should be interesting. Code Name: ITProjectGuide (creative - right?)
They tell us that we lost our skills
Evolving up from little coders
I say it's all just wind in sails
Are we not project managers? We are devo!
We're pinheads now, we are not whole
We're pinheads all, ex programmers
Are we not project managers? D-e-v-o
I can accept people using $ to determine level of ethical behavior they have, the sad part is, in another study (need to find the link) - people act less ethical when they know they are not being watched and when they know what they do will not be known by others.......
The bright side is - there are still many people whose base nature is moral and ethical (thank goodness)
There has been some speculation in regards to what's inside my head...but that's another topic. I'm a huge user of mind mapping and have looked at TheBrain a few times, but I recently had 5 minutes to spare and was unhappy with my ability to put a martial arts site together....so 1 + 1 = http://masystems.org/ I'm currently using the free version, but plan on upgrading soon. The desktop version is more robust, and I'm assuming some of the features are improved once I pay for the thing...but overall - it got my site to where I wanted it to go......it's different from the standard website, which is good; it takes a little to get used to BUT provides me with a platform to slowly grow a content specific site where much of the content is really on other sites (wikipedia). I was able to add images, video, etc....very neat tool........ (image via: http://www.medem.com/MedLB/article_detaillb.cfm?article_ID=ZZZ0ZFP46JC&sub_cat=75)
To keep up the pretense that one day I'll be a hard core programmer - every so often I'll pick up a book and read it...really read it, not page by page, but pick out interesting sections and deep read. Not only does The PHP Anthology provide good solutions for specific relevant problems (email, forms, etc.) - the biggest benefit is the appendix where source code management, code documentation and unit testing are discussed. Good book - very useful information for real programming.
To date, I've been involved with two projects through oDesk and I have to say, it's been a very positive experience! From registering, to reviewing open job requests, interviewing, accepting, working and completing - the entire process is simple and clear. In my mind Web 2.5 is all about removing the middle people (politically correct version of middle men) - where the supplier is working directly with the consumer, reducing costs, confusion, etc. oDesk does this for IT (and associated) providers. There are obvious adjustments that need to be made for working in this model, but the potential of direct access provides the benefit in this model. Here are some basic thoughts:
Costs will be driven down with barriers to remote resources removed
oDesk's management of payments, reviews of providers, etc. reduce risks of management and resource quality selection
Remote resource/project management will gain more focus
Open source will expand even more (remote providers are more likely to utilize free/open source tools - GO PHP!)
Project Managers/Analysts will need to adapt to more remote resource communication (adjust terminology, detail level, etc. as required)
On-Shore (US) consultant agencies, development shops, service providers will need to adapt...or else