zoukankan      html  css  js  c++  java
  • Phabricator实践(2):组织结构——账户角色(Account Role)

    Overview

    When you create a user account, you can set roles like "Administrator", "Disabled" or "System Agent". This document explains what these roles mean.

    Administrators

    Administrators are normal users with extra capabilities. They have access to some tools and workflows that normal users don't, which they can use to debug and configure Phabricator. For example, they have access to:

    • Account Management: The primary function of administrators is adding, disabling, and managing user accounts. Administrators can create and edit accounts and view access logs.
    • MetaMTA: Administrators can send test email via MetaMTA. This isn't available to normal users to prevent Phabricator from serving as a partially open relay if used by open source projects.
    • Repositories: Administrators can configure repositories. This isn't normally available because it is specialized and complicated to configure.

    Administrators have a few other minor capabilities in other tools. When you are in an administrative interface, the menu bar is red.

    Administrators are not in complete control of the system. Administrators can not login as other users or act on behalf of other users. Administrators can not bypass object privacy policies.

    NOTE: Administrators currently can act on behalf of other users via Conduit. This will be locked down at some point.

    System Agents

    System Agents are accounts for bots and scripts which need to interface with the system but are not regular users. Generally, when you write scripts that use Conduit (like the IRC bot), you should create a System Agent account for them. System agents:

    • can not login (they can access API methods via Conduit);
    • can not review diffs or own tasks;
    • do not appear in CC tokenzers.

    Currently, the System Agent role for an account can not be changed after the account is created. This prevents administrators form changing a normal user into a system agent, retrieving their Conduit certificate, and then changing them back (which would allow administrators to gain other users' credentials).

    备注:

    由于SystemAgent不能审核代码,而且也不会出现在Phabricator邮件选项中。

    而且也不会收到Review Action的邮件,即使你也参加了审核。

    所以我通常的做法是:

    Step1:后台使用命令行创建具有“Administrator”和“System Agent”角色的超级管理员账户。

    Step2:使用超级管理员账户给某个LDAP账户配置赋予“Administrator”角色。

  • 相关阅读:
    Day 15 模块
    Day 14 三元运算符,列表推导式,内置函数
    Day 13 可迭代对象,迭代器对象,for循环迭代,生成器对象,枚举对象
    Day 12 开放封闭原则,装饰器初识
    Day 11 函数对象,函数嵌套,作用域,闭包
    Day 10 函数的形参,实参
    Day 09 函数基础
    Day 08 文件操作模式,文件复制,游标
    HTTP协议
    11,.JS-DOM价绍
  • 原文地址:https://www.cnblogs.com/zhangqingsh/p/3022185.html
Copyright © 2011-2022 走看看