Yeah, I assume you would use the column ID of the user table (as opposed to the UUID of the given user), right?
On Fri, Nov 14, 2014 at 12:04 PM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: > Min, you’re right I don’t propose to change the IAM model just some > additional data that notes who *actually* owns the resource (VM, volume, > etc.) in an account which can be useful for sysadmins to list resource by > userid etc. > > I can understand the hesitation and the side effects such a refactoring > can produce, so I think the best would be to add user_id (uuid) columns and > change only the API/query layer. > > Mike: I don’t propose to use user name but uuids so they are unique. My > concern was adding user_id column to say vm_instance table denormalizes > data as that table already has domain_id and account_id in it and as Rajani > suggested earlier those two are not needed as using user_id one can find > account_id and domain_id. I guess, the easiest way would be to just add an > additional user_id column. > > Cheers. > > > On 15-Nov-2014, at 12:14 am, Min Chen <min.c...@citrix.com> wrote: > > > > Rohit, If I understood you correctly, the user_id column is only used for > > listing resources to indicate which user is the real owner/creator of the > > resource, but you don't want to change CloudStack account-level > permission > > model to user-level permission model, right? If so, the change will be > > smaller, maybe some Response classes, which should not involve too many > > business layer change. I will hesitate to really change CloudStack IAM > > model though. > > > > Thanks > > -min > > > > On 11/14/14 10:35 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> wrote: > > > >> Hi Min, > >> > >> Good to know. What do you propose we do moving forward. Do a refactoring > >> run to fix it or leave it as it is and perhaps add user_id columns to > few > >> resources that are more useful for sysadmins such as vm_instance table. > >> > >>> On 14-Nov-2014, at 11:49 pm, Min Chen <min.c...@citrix.com> wrote: > >>> > >>> Rohit, > >>> > >>> I think that the historic reason for this is that CloudStack is only > >>> doing IAM access permission check on account level, user is only login > >>> authentication purpose. That is why we will see that all our CloudStack > >>> resource owner field is an account, since that is the only information > >>> used for controlling whether you have some permissions to the resource. > >>> Thanks > >>> -min > >>> > >>> On 11/14/14 12:53 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> wrote: > >>> > >>>> Hi, > >>>> > >>>> All CloudStack DB entities (VM, storage, network etc.) have an owner > >>>> field which is mostly the account. An account can have multiple users > >>>> so > >>>> just by looking at the resource (say VM) it¹s not possible to make out > >>>> which user in the account (owner or account_id field in the db row of > >>>> the > >>>> entity) created it. CloudStack users may want to know this information > >>>> for at least entities such as VMs and Volumes. > >>>> > >>>> Historically, why is the account owner of an entity and not a user? If > >>>> user were the owner, we could easily get the account Id using the user > >>>> Id. > >>>> > >>>> One solution to fix this problem is to refactor and replace Account > >>>> (interface) usage with UserAccount (interface) usage, fix the DAO and > >>>> resource layer, and add columns in the schema. This gets us all the > >>>> information we need to determine domainId, AccountId and Id (the user > >>>> ID). Should we do it for all entities or just keep status quo (use > >>>> account as owners), or just fix it on-demand basis for specific > >>>> entities > >>>> such as for user VMs [1]. > >>>> > >>>> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-7908 > >>>> > >>>> Regards, > >>>> Rohit Yadav > >>>> Software Architect, ShapeBlue > >>>> M. +91 88 262 30892 | rohit.ya...@shapeblue.com > >>>> Blog: bhaisaab.org | Twitter: @_bhaisaab > >>>> > >>>> > >>>> > >>>> Find out more about ShapeBlue and our range of CloudStack related > >>>> services > >>>> > >>>> IaaS Cloud Design & > >>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//> > >>>> CSForge rapid IaaS deployment > >>>> framework<http://shapeblue.com/csforge/> > >>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > >>>> CloudStack Software > >>>> Engineering<http://shapeblue.com/cloudstack-software-engineering/> > >>>> CloudStack Infrastructure > >>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/> > >>>> CloudStack Bootcamp Training > >>>> Courses<http://shapeblue.com/cloudstack-training/> > >>>> > >>>> This email and any attachments to it may be confidential and are > >>>> intended > >>>> solely for the use of the individual to whom it is addressed. Any > views > >>>> or opinions expressed are solely those of the author and do not > >>>> necessarily represent those of Shape Blue Ltd or related companies. If > >>>> you are not the intended recipient of this email, you must neither > take > >>>> any action based upon its contents, nor copy or show it to anyone. > >>>> Please > >>>> contact the sender if you believe you have received this email in > >>>> error. > >>>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue > >>>> Services India LLP is a company incorporated in India and is operated > >>>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda > >>>> is > >>>> a company incorporated in Brasil and is operated under license from > >>>> Shape > >>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic > >>>> of > >>>> South Africa and is traded under license from Shape Blue Ltd. > ShapeBlue > >>>> is a registered trademark. > >>> > >> > >> Regards, > >> Rohit Yadav > >> Software Architect, ShapeBlue > >> M. +91 88 262 30892 | rohit.ya...@shapeblue.com > >> Blog: bhaisaab.org | Twitter: @_bhaisaab > >> > >> > >> > >> Find out more about ShapeBlue and our range of CloudStack related > services > >> > >> IaaS Cloud Design & > >> Build<http://shapeblue.com/iaas-cloud-design-and-build//> > >> CSForge rapid IaaS deployment framework<http://shapeblue.com/csforge/ > > > >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > >> CloudStack Software > >> Engineering<http://shapeblue.com/cloudstack-software-engineering/> > >> CloudStack Infrastructure > >> Support<http://shapeblue.com/cloudstack-infrastructure-support/> > >> CloudStack Bootcamp Training > >> Courses<http://shapeblue.com/cloudstack-training/> > >> > >> This email and any attachments to it may be confidential and are > intended > >> solely for the use of the individual to whom it is addressed. Any views > >> or opinions expressed are solely those of the author and do not > >> necessarily represent those of Shape Blue Ltd or related companies. If > >> you are not the intended recipient of this email, you must neither take > >> any action based upon its contents, nor copy or show it to anyone. > Please > >> contact the sender if you believe you have received this email in error. > >> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue > >> Services India LLP is a company incorporated in India and is operated > >> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is > >> a company incorporated in Brasil and is operated under license from > Shape > >> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic > of > >> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue > >> is a registered trademark. > > > > Regards, > Rohit Yadav > Software Architect, ShapeBlue > M. +91 88 262 30892 | rohit.ya...@shapeblue.com > Blog: bhaisaab.org | Twitter: @_bhaisaab > > > > Find out more about ShapeBlue and our range of CloudStack related services > > IaaS Cloud Design & Build< > http://shapeblue.com/iaas-cloud-design-and-build//> > CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> > CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > CloudStack Software Engineering< > http://shapeblue.com/cloudstack-software-engineering/> > CloudStack Infrastructure Support< > http://shapeblue.com/cloudstack-infrastructure-support/> > CloudStack Bootcamp Training Courses< > http://shapeblue.com/cloudstack-training/> > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is a > company incorporated in India and is operated under license from Shape Blue > Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil > and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is > a company registered by The Republic of South Africa and is traded under > license from Shape Blue Ltd. ShapeBlue is a registered trademark. > -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud <http://solidfire.com/solution/overview/?video=play>*™*
