When you design an application, do you favour user-configurable menus and permissions or do you feel that is best left to the developer of the appplication to avoid any potential security issues introduced by the end-user.
Basically, if you lokok at SugarCRM, the primary tabs in that application are configurable by an admin user via a control panel. While I find this nice to have total control, I also find it slightly complicated, especially for computer laymen. Keeping tabs on who has access to what, even using groups makes the application more complicated at the expense of configurability...
Most applications I've looked at follow a fixed area for a set user level approach to design. For instance, if a user has a level of "admin" then can access only the tabs according to that group, whereas if they are "super" the might have access to everything...
The point is, each "zone" has a fixed number of tabs or menu links, etc which are available to the end-user.
My application (in my clients best interest) currently follows a static menu approach - but could easily be converted to use a configurable approach, according to groups, etc...
My goal is simplicity, both for my users and me...the static approach is slightly easier to implement and certain lowers the learning curve. Essentially I am just missing the wiring for the admin panel to allow changes to the menu tab order, etc...otherwise everything is dynamically generated from config files - so from a development standpoint it's not a lot of work...
Probably the wrong crowd to ask - developers always want control - but if you could look at an application from a computer user perspective for a second which would you prefer???
Fixed menus and zones
Moderator: General Moderators
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: Fixed menus and zones
I have never found the need for groups as such. The only case where I needed to restrict access to certain areas I did a little differently - I allowed the global admin to allow/deny each section from the admin system themselves, allowing access to certain features this user needed, and denying others.
I assume you mean in the admin system?
I assume you mean in the admin system?