<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=296460514-29092006><FONT face=Arial
color=#0000ff size=2>Sharing roles but not permissions can be a powerful way to
differentiate sites or site sections and the permissions roles can have in each.
I use such a setup up so that editors of section of a multisite only have
editing/config permissions in there area. But it can get really messy too if you
are not neat during setup and you keep good notes of what you did. It can
be a pain though to update 3 to 5 sets of access permission when you add a new
module or update who can do what.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=296460514-29092006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=296460514-29092006><FONT face=Arial
color=#0000ff size=2>Not sharing the roles tables (while sharing the users
table) add another layer of messiness that had really be ready to manage. Each
user could have differenent roles under each section of the multisite. So you if
want 'Jon Doe' to be an 'editor' in site one and two, you need to go to his
profile in both sites and add him to that role.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=296460514-29092006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=296460514-29092006><FONT face=Arial
color=#0000ff size=2>I don't think that layer of abstraction is needed if you
just use the permissions table, to give the 'editor' role access under site one
and two, but then no extra access in other places. So my recommendation would be
to share the roles table, but not permissions.</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> support-bounces@drupal.org
[mailto:support-bounces@drupal.org] <B>On Behalf Of </B>Anisa<BR><B>Sent:</B>
Thursday, September 28, 2006 11:45 PM<BR><B>To:</B>
support@drupal.org<BR><B>Subject:</B> Re: [support] shared tables for
multisite<BR></FONT><BR></DIV>
<DIV></DIV>Hm. losing nids, does it matter? (happy to ignore problems that
are not problems! :) Also, what happens if you share roles, but not
permissions? What if I didn't want to share roles?<BR><BR>Does anyone have
a multi install and can share their working config, as well as why they did it
that way?<BR><BR>Anisa.<BR><BR>
<DIV><SPAN class=gmail_quote>On 9/27/06, <B class=gmail_sendername>Jeremy
Epstein</B> <<A
href="mailto:jazepstein@gmail.com">jazepstein@gmail.com</A>> wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">Be
very careful about sharing the 'sequences' table. If you share this<BR>table,
then you are sharing the generation of IDs of ALL types (for<BR>many, but not
all, drupal entities) across all your sites. That is, if<BR>you share the
sequences table but not your node tables, then you will <BR>be 'losing' a lot
of nids (I guess this could be regarded as a good<BR>thing or a bad thing -
either way, it's probably not a major thing).<BR><BR>The trouble is, if you
DON'T share the 'sequences' table, then you<BR>will only be able to create
users on one site, and not on any of the<BR>others. That is, you will have to
disable user registration on all<BR>sites but one. If you don't, then you will
get SQL 'duplicate entry'<BR>errors, and you will have UID conflicts, and
there will be user <BR>accounts that never actually get created.<BR><BR>IMO,
the solution to all of this is to ditch the 'sequences' table<BR>altogether,
and to just rely on database generation of IDs (i.e.<BR>auto_increment or
equivalent). <BR><BR>Cheers,<BR>Jeremy.<BR><BR>On 9/27/06, Anisa <<A
href="mailto:mystavash@animecards.org">mystavash@animecards.org</A>>
wrote:<BR>> OK. Let's say you only want to share users across a
multisite installation. <BR>> In a plain Drupal installation,
are these the only tables you need to<BR>> share? (copied from the single
signon module)<BR>><BR>> * 'default' =>
'somesitename_',<BR>> * 'authmap' => 'shared_',
<BR>> * 'profile_fields' => 'shared_',<BR>> *
'profile_values' => 'shared_',<BR>> * 'role' =>
'shared_',<BR>> * 'sequences' =>
'shared_',<BR>> * 'sessions' =>
'shared_',<BR>> * 'users' => 'shared_', <BR>> *
'users_roles' => 'shared_',<BR>> * 'users_uid_seq' =>
'shared_', // for pgsql<BR>> Anisa.<BR>><BR>><BR>--<BR>[ Drupal
support list | <A href="http://lists.drupal.org/">http://lists.drupal.org/
</A>]<BR></BLOCKQUOTE></DIV><BR><BR clear=all><BR>--
<BR>*********************************<BR><A
href="http://www.AnimeCards.Org">www.AnimeCards.Org</A><BR><BR>16,000 scans and
counting!<BR>********************************* </BODY></HTML>