As for Min's question, I think Rohit is talking about keeping the "account-ownership model" the same in CloudStack, but just providing greater insight into what user specifically created or did whatever to a given resource.
On Fri, Nov 14, 2014 at 11:59 AM, Mike Tutkowski < mike.tutkow...@solidfire.com> wrote: > I didn't have access to the VM with my CS DB on it for a while, but I do > now and checked the DB structure. I see the user table has a reference to > the account table, so that's what I was expecting and hoped to see. > > On Fri, Nov 14, 2014 at 11:48 AM, Mike Tutkowski < > mike.tutkow...@solidfire.com> wrote: > >> I haven't looked at the DB tables for this, but presumably there is a >> user table like we have an account table and you can figure out what >> account a given user is in? That would be OK then. I just wasn't sure if we >> only allowed you to go from account to user, but not user to account in the >> DB. >> >> On Fri, Nov 14, 2014 at 11:39 AM, Mike Tutkowski < >> mike.tutkow...@solidfire.com> wrote: >> >>> Can a username like "mike" be re-used in multiple accounts? >>> >>> For example: >>> >>> Acct1\mike >>> Acct2\mike >>> >>> If so, the name "mike" would be insufficient to determine ownership of >>> the resource in some situations (unless it was fully qualified with its >>> account). >>> >>> On Fri, Nov 14, 2014 at 11:35 AM, Rohit Yadav <rohit.ya...@shapeblue.com >>> > wrote: >>> >>>> Hi Min, >>>> >>>> Good to know. What do you propose we do moving forward. Do a >>>> refactoring run to fix it or leave it as it is and perhaps add user_id >>>> columns to few resources that are more useful for sysadmins such as >>>> vm_instance table. >>>> >>>> > On 14-Nov-2014, at 11:49 pm, Min Chen <min.c...@citrix.com> wrote: >>>> > >>>> > Rohit, >>>> > >>>> > I think that the historic reason for this is that CloudStack is only >>>> > doing IAM access permission check on account level, user is only login >>>> > authentication purpose. That is why we will see that all our >>>> CloudStack >>>> > resource owner field is an account, since that is the only information >>>> > used for controlling whether you have some permissions to the >>>> resource. >>>> > Thanks >>>> > -min >>>> > >>>> > On 11/14/14 12:53 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> >>>> wrote: >>>> > >>>> >> Hi, >>>> >> >>>> >> All CloudStack DB entities (VM, storage, network etc.) have an owner >>>> >> field which is mostly the account. An account can have multiple >>>> users so >>>> >> just by looking at the resource (say VM) it¹s not possible to make >>>> out >>>> >> which user in the account (owner or account_id field in the db row >>>> of the >>>> >> entity) created it. CloudStack users may want to know this >>>> information >>>> >> for at least entities such as VMs and Volumes. >>>> >> >>>> >> Historically, why is the account owner of an entity and not a user? >>>> If >>>> >> user were the owner, we could easily get the account Id using the >>>> user Id. >>>> >> >>>> >> One solution to fix this problem is to refactor and replace Account >>>> >> (interface) usage with UserAccount (interface) usage, fix the DAO and >>>> >> resource layer, and add columns in the schema. This gets us all the >>>> >> information we need to determine domainId, AccountId and Id (the user >>>> >> ID). Should we do it for all entities or just keep status quo (use >>>> >> account as owners), or just fix it on-demand basis for specific >>>> entities >>>> >> such as for user VMs [1]. >>>> >> >>>> >> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-7908 >>>> >> >>>> >> Regards, >>>> >> Rohit Yadav >>>> >> Software Architect, ShapeBlue >>>> >> M. +91 88 262 30892 | rohit.ya...@shapeblue.com >>>> >> Blog: bhaisaab.org | Twitter: @_bhaisaab >>>> >> >>>> >> >>>> >> >>>> >> Find out more about ShapeBlue and our range of CloudStack related >>>> services >>>> >> >>>> >> IaaS Cloud Design & >>>> >> Build<http://shapeblue.com/iaas-cloud-design-and-build//> >>>> >> CSForge rapid IaaS deployment framework< >>>> http://shapeblue.com/csforge/> >>>> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >>>> >> CloudStack Software >>>> >> Engineering<http://shapeblue.com/cloudstack-software-engineering/> >>>> >> CloudStack Infrastructure >>>> >> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >>>> >> CloudStack Bootcamp Training >>>> >> Courses<http://shapeblue.com/cloudstack-training/> >>>> >> >>>> >> This email and any attachments to it may be confidential and are >>>> intended >>>> >> solely for the use of the individual to whom it is addressed. Any >>>> views >>>> >> or opinions expressed are solely those of the author and do not >>>> >> necessarily represent those of Shape Blue Ltd or related companies. >>>> If >>>> >> you are not the intended recipient of this email, you must neither >>>> take >>>> >> any action based upon its contents, nor copy or show it to anyone. >>>> Please >>>> >> contact the sender if you believe you have received this email in >>>> error. >>>> >> Shape Blue Ltd is a company incorporated in England & Wales. >>>> ShapeBlue >>>> >> Services India LLP is a company incorporated in India and is operated >>>> >> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria >>>> Ltda is >>>> >> a company incorporated in Brasil and is operated under license from >>>> Shape >>>> >> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The >>>> Republic of >>>> >> South Africa and is traded under license from Shape Blue Ltd. >>>> ShapeBlue >>>> >> is a registered trademark. >>>> > >>>> >>>> Regards, >>>> Rohit Yadav >>>> Software Architect, ShapeBlue >>>> M. +91 88 262 30892 | rohit.ya...@shapeblue.com >>>> Blog: bhaisaab.org | Twitter: @_bhaisaab >>>> >>>> >>>> >>>> Find out more about ShapeBlue and our range of CloudStack related >>>> services >>>> >>>> IaaS Cloud Design & Build< >>>> http://shapeblue.com/iaas-cloud-design-and-build//> >>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/ >>>> > >>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >>>> CloudStack Software Engineering< >>>> http://shapeblue.com/cloudstack-software-engineering/> >>>> CloudStack Infrastructure Support< >>>> http://shapeblue.com/cloudstack-infrastructure-support/> >>>> CloudStack Bootcamp Training Courses< >>>> http://shapeblue.com/cloudstack-training/> >>>> >>>> This email and any attachments to it may be confidential and are >>>> intended solely for the use of the individual to whom it is addressed. Any >>>> views or opinions expressed are solely those of the author and do not >>>> necessarily represent those of Shape Blue Ltd or related companies. If you >>>> are not the intended recipient of this email, you must neither take any >>>> action based upon its contents, nor copy or show it to anyone. Please >>>> contact the sender if you believe you have received this email in error. >>>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue >>>> Services India LLP is a company incorporated in India and is operated under >>>> license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a >>>> company incorporated in Brasil and is operated under license from Shape >>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of >>>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is >>>> a registered trademark. >>>> >>> >>> >>> >>> -- >>> *Mike Tutkowski* >>> *Senior CloudStack Developer, SolidFire Inc.* >>> e: mike.tutkow...@solidfire.com >>> o: 303.746.7302 >>> Advancing the way the world uses the cloud >>> <http://solidfire.com/solution/overview/?video=play>*™* >>> >> >> >> >> -- >> *Mike Tutkowski* >> *Senior CloudStack Developer, SolidFire Inc.* >> e: mike.tutkow...@solidfire.com >> o: 303.746.7302 >> Advancing the way the world uses the cloud >> <http://solidfire.com/solution/overview/?video=play>*™* >> > > > > -- > *Mike Tutkowski* > *Senior CloudStack Developer, SolidFire Inc.* > e: mike.tutkow...@solidfire.com > o: 303.746.7302 > Advancing the way the world uses the cloud > <http://solidfire.com/solution/overview/?video=play>*™* > -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud <http://solidfire.com/solution/overview/?video=play>*™*
