#59 ✓resolved
Ask Bjørn Hansen

Support for multiple owners

Reported by Ask Bjørn Hansen | February 11th, 2009 @ 10:23 AM

We have some domains that need more than one admin having access to it.

Comments and changes to this ticket

  • Kenneth Kalmer

    Kenneth Kalmer February 11th, 2009 @ 11:26 AM

    • Tag set to ideas, owners
    • State changed from “new” to “hold”

    This is a tough one, I have to admit. Can you explain how this comes about please (from the business point of view), I'm very curious and there might be another way to solve this.

    I'm thinking along the lines of domain owner, and technician, or something similar.

  • renchap

    renchap February 11th, 2009 @ 11:38 AM

    In our compagny we have several people that should be able to manage a domain. Currently, they must be admin, or use the same account.

    If we can give access to a domain to all these people, it will be better for accounting/security.

  • Kenneth Kalmer

    Kenneth Kalmer February 11th, 2009 @ 01:09 PM

    OK, how about we stick with one owner for the domain, since that is ultimately the case. We accept that a domain is always owned by a single entity (person, company, joint venture). This mimics the real world on ownership, but not on management.

    Like you pointed out, multiple people need access to a collection of domains. We use the authentication tokens feature for that, but I understand not everyone wants to write another application for generating authentication tokens.

    What if we allow the domain owner (and admins) to associate different users with the domain as 'technicians'. This way the domain owner is still in control of their property (or at least a proxy of the owner), and several others have access to manage the domain.

    The 'technicians' will have full access, as if the own the domain. I think the only restriction should be on removing the domain (leave for owner and admins). If any finer grained controls are needed, use authentication tokens for that.

    I do see the following issues though:

    • Add domain via template, doesn't add technicians. Coupling technicians to templates makes them brittle and more prone to duplication.
    • Domain owner would need to know the usernames of the people he wants to make technicians, we cannot provide a list. We're not making friends either, this isn't a social network, it's DNS management
    • User groups? No way, adds to the social networking problem above.

    Lets keep passing ideas around here until we are sure we have a SIMPLE solution that fits the majority of cases. I don't want something complicated here, it is going to kill the project. Many great FOSS has died because of unneeded complexity.

  • Ask Bjørn Hansen

    Ask Bjørn Hansen February 11th, 2009 @ 11:42 PM

    Yeah - having an owner and other authorized users makes sense.

  • jb

    jb February 15th, 2009 @ 09:20 PM

    For the domain owner to know who to add, what about a technician, once they have an account, can request it, then owner approve? Requests could be stored either in email (click link to approve this user) or in database.

    Alternatively (not scalable) have an admin add technicians?

  • Kenneth Kalmer

    Kenneth Kalmer February 15th, 2009 @ 10:05 PM

    I'm sticking with the (not scalable) owner adds technicians. Requesting access becomes another 'gimmick', and I don't want to turn DNS management into a social networking mechanism.

    I'm sure once I've got the initial part in and everyone is using it we'll start to get a better idea of what is plausible, and what is not.

  • Kenneth Kalmer

    Kenneth Kalmer July 9th, 2011 @ 01:31 PM

    • Tag changed from ideas, owners to ideas, migrated_to_github, owners
    • State changed from “hold” to “resolved”
    • Milestone order changed from “0” to “0”

    Hi guys, I've logged this in the new Github issues tracker (see https://github.com/kennethkalmer/powerdns-on-rails/issues/25) for my new thoughts on bringing multi-tenancy to PowerDNS on Rails. Please watch/comment further at Github.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

This issue tracker has been deprecated. Please use the Github issue tracker at https://github.com/kennethkalmer/powerdns-on-rails/issues

Thank you

People watching this ticket