2

While reading the web2py manual, I came across this following:

'Once a new user is registered, a new group is created to contain the user. The role of the new user is conventionally "user_[id]" where [id] is the id of the newly created id.'

which makes me wonder why Web2py does this. More specifically, why do we need to have so many seemingly redundant groups created where each only contains a single user? For example, what is the purpose of having a group called 'user_2' created just for containing the user with id '2'?

If no particular justification exists, is there any way to disable this default behavior of automatically creating unique groups for individual users, so that more meaningful groups can be created separately? Thanks.

skyork
  • 7,113
  • 18
  • 63
  • 103

2 Answers2

5

The very next sentence says:

The creation of the group can be disabled with

    1. auth.settings.create_user_groups = False

It goes on to say:

Users have membership in groups. Each group is identified by a name/role. Groups have permissions. Users have permissions because of the groups they belong to.

It is a role-based access control (RBAC) system, so groups/roles rather than individual users are given permissions, and users gain access by virtue of the groups to which they belong (including their own user-specific group). This is explained more fully in the chapter intro.

If you don't need to give specific permissions to individual users but only to more broadly defined groups/roles, then feel free to disable the automatic user-specific group creation as per the above.

Anthony
  • 25,466
  • 3
  • 28
  • 57
0

You can add user2 to group of user1 so user2 obtains permissions of user1. Its usefull in many cases ...

David Marko
  • 2,477
  • 3
  • 27
  • 58