As I drove south from Scotland this morning, I was listening to the radio; an increasingly rare chance to catch up with the in depth news and review programs on Radio 4 that provide a more thorough background to history and events than I feel I get from the snippets of TV that I watch. A program of about an hour on the early days of Aids, from its discovery in communities in New York, through the gayphobia it caused in many people as it was attributed to that community, and on through to the acceptance by the UK government that it needed to provide public awareness had me thinking back and recalling a history from a time at which I was in a monogamous relationship, had been for years, wasn't receiving blood products, so had the luxury of being able to take a lesser interest in the subject than many.
Do you recall a leaflet distributed to 23 million households to give them Aids information - part of the "tombstone" campaign? One of the speakers on the program commented how her organisation heard, a few days before the leaflet was sent out, that their phone number - with a total of 4 lines - was to appear on the leaflet as a number for people to call if the wanted advise. Panic - and potential meltdown at that organisation, and a rush to get in more lines and staff.
As a strange twist of fate, some of the folks I was training yesterday were also very much in a (temporary) panic mode because of someone's circulation of a single help desk line / phone number to some 500 staff, with a suggestion that the staff contact the help desk and have them delete what were considered, by the message originator, to be a tier of excess and confusing email accounts. But in this instance, it turned out to be something of a 'false alarm' in that extra level of email accounts forms a vital part of the system - and also an excellent illustration of the use of roles
Roles - or extending a user's data views
The concert of roles has, in recent years, been added to the concept of users and groups as far as user's authentication and rights are concerned - it's something we come across on our Deploying Apache httpd and Tomcat course
amongst other places.
Let's say that I have a whole series of staff working at a higher education establishment - then I'll give them all login accounts that let them do what staff can do, see the views of the data that all the staff can see, and make alterations which are in line with their positions as staff members. In other words, each member of staff has a staff role
on the systems.
Are staff also students? Well - perhaps they aren't - or perhaps they are. Certainly, some of them may need to take on the role
of a student, allowing them to access the systems and data in the same way that a student would. With such a mechanism, a staff member in his/her student role could check that the system would perform correctly when one of their students submitted coursework / used the system as required as part of their course. And that's a vital thing for staff members to be able to do.
Then you'll have some staff members who will also take on the roles of internal and external examiners, and so on. (If you're familiar with Unix / Linux groups, you might see how roles are in effect an extension of that concept).
On a system that wasn't originally developed with roles in mind, you can have something of a problem in terms of how to allocate multiple roles to a single log on account, and one of the solutions is to provide each user who needs multiple roles to have multiple logins - a bit of a 'kludge', but it works. And with multiple logins will come multiple email addresses ... which formed the background of yesterday's panic. It seems that some of the multi-role users had only been checking their main email account and messages had been lost. Some staff members were being branded "rude" by people who had been writing to them and not receiving replies, and a number of mailboxes were slowly collecting a mixture of dust and emails - inflating like balloons in some cases and eating up disc space with unread messages.
As with any problem, a quick analysis and a step back from the issue points to a straightforward solution ... and in this case the solution is email forwarding. Once email forwarding is implemented on all the accounts concerned, the multilogin / multirole features that are needed will be working a treat, and the lost email accounts will no longer be acting as accumulators. (written 2006-11-04, updated 2009-01-01)
Associated topics are indexed underA654 - Web Application Deployment - Configuring and Controlling Tomcat 
Gathering information - logging - with log4j. First steps. - (2010-11-12) 
Reading and writing cookies in Java Servlets and JSPs - (2010-02-26) 
CATALINA_OPTS v JAVA_OPTS - What is the difference? - (2009-05-09) 
Tomcat 6 - Annotated Sample Configuration Files - (2009-03-01) 
The Invoker - (2009-02-13) 
tomcat-users.xml; what a difference a space made - (2009-01-16) 
Port and Glasses - (2008-12-14) 
WEB-INF (Tomcat) and .htaccess (httpd) - (2008-08-20) 
Automatic startup and shutdown of Tomcat - (2008-02-24) 
Web page (http) error status 405 - (2008-01-12) 
Apache Tomcat Performance Tuning - (2007-09-29) 
Compressing web pages sent out from server. Is it worth it? - (2007-09-14) 
Browser -> httpd -> Tomcat -> MySQL. Restarting. - (2006-10-28) 
Tomcat - Shutdown port - (2006-08-18)
Some other Articles
Databases needn't be frightening, hard or expensiveSyntax checking in PHPDriving customers awayPaging through hundreds of entriesA practical example of rolesPython - A list of methodsRecursion in PythonLetter HomeHelping the miles passPython is like a narrowboat