I think commands.properties is not just providing ACL on the API - but it also serves as a whitelist of APIs available on the deployment. It can be a one-step configuration option to disable certain functionality.
Prachi -----Original Message----- From: Darren Shepherd [mailto:darren.s.sheph...@gmail.com] Sent: Tuesday, October 08, 2013 3:24 PM To: dev@cloudstack.apache.org Subject: [DISCUSS] make commands.properties the exception, not the rule I would like to largely remove commands.properties. I think most API commands naturally have a default ACL that should be applied. I think it makes sense to add to the @APICommand flags for user, domain, admin. Then, as an override mechanism, people can edit commands.properties to change the default ACL. This would make it such that people could add new commands without the need to edit commands.properties. Thoughts? How will this play with whatever is being done with rbac? Darren
