Also, yeah, it's a bit odd having domain_id, account_id, and user_id since having user_id would allow you to retrieve the other information, but that might be the easiest way to implement this (and we were already semi-denormalized having both domain_id and account_id in these tables).
On Fri, Nov 14, 2014 at 12:08 PM, Mike Tutkowski < mike.tutkow...@solidfire.com> wrote: > Yeah, I assume you would use the column ID of the user table (as opposed > to the UUID of the given user), right? > > On Fri, Nov 14, 2014 at 12:04 PM, Rohit Yadav <rohit.ya...@shapeblue.com> > wrote: > >> Min, you’re right I don’t propose to change the IAM model just some >> additional data that notes who *actually* owns the resource (VM, volume, >> etc.) in an account which can be useful for sysadmins to list resource by >> userid etc. >> >> I can understand the hesitation and the side effects such a refactoring >> can produce, so I think the best would be to add user_id (uuid) columns and >> change only the API/query layer. >> >> Mike: I don’t propose to use user name but uuids so they are unique. My >> concern was adding user_id column to say vm_instance table denormalizes >> data as that table already has domain_id and account_id in it and as Rajani >> suggested earlier those two are not needed as using user_id one can find >> account_id and domain_id. I guess, the easiest way would be to just add an >> additional user_id column. >> >> Cheers. >> >> > On 15-Nov-2014, at 12:14 am, Min Chen <min.c...@citrix.com> wrote: >> > >> > Rohit, If I understood you correctly, the user_id column is only used >> for >> > listing resources to indicate which user is the real owner/creator of >> the >> > resource, but you don't want to change CloudStack account-level >> permission >> > model to user-level permission model, right? If so, the change will be >> > smaller, maybe some Response classes, which should not involve too many >> > business layer change. I will hesitate to really change CloudStack IAM >> > model though. >> > >> > Thanks >> > -min >> > >> > On 11/14/14 10:35 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> wrote: >> > >> >> Hi Min, >> >> >> >> Good to know. What do you propose we do moving forward. Do a >> refactoring >> >> run to fix it or leave it as it is and perhaps add user_id columns to >> few >> >> resources that are more useful for sysadmins such as vm_instance table. >> >> >> >>> On 14-Nov-2014, at 11:49 pm, Min Chen <min.c...@citrix.com> wrote: >> >>> >> >>> Rohit, >> >>> >> >>> I think that the historic reason for this is that CloudStack is only >> >>> doing IAM access permission check on account level, user is only login >> >>> authentication purpose. That is why we will see that all our >> CloudStack >> >>> resource owner field is an account, since that is the only information >> >>> used for controlling whether you have some permissions to the >> resource. >> >>> Thanks >> >>> -min >> >>> >> >>> On 11/14/14 12:53 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> >> wrote: >> >>> >> >>>> Hi, >> >>>> >> >>>> All CloudStack DB entities (VM, storage, network etc.) have an owner >> >>>> field which is mostly the account. An account can have multiple users >> >>>> so >> >>>> just by looking at the resource (say VM) it¹s not possible to make >> out >> >>>> which user in the account (owner or account_id field in the db row of >> >>>> the >> >>>> entity) created it. CloudStack users may want to know this >> information >> >>>> for at least entities such as VMs and Volumes. >> >>>> >> >>>> Historically, why is the account owner of an entity and not a user? >> If >> >>>> user were the owner, we could easily get the account Id using the >> user >> >>>> Id. >> >>>> >> >>>> One solution to fix this problem is to refactor and replace Account >> >>>> (interface) usage with UserAccount (interface) usage, fix the DAO and >> >>>> resource layer, and add columns in the schema. This gets us all the >> >>>> information we need to determine domainId, AccountId and Id (the user >> >>>> ID). Should we do it for all entities or just keep status quo (use >> >>>> account as owners), or just fix it on-demand basis for specific >> >>>> entities >> >>>> such as for user VMs [1]. >> >>>> >> >>>> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-7908 >> >>>> >> >>>> Regards, >> >>>> Rohit Yadav >> >>>> Software Architect, ShapeBlue >> >>>> M. +91 88 262 30892 | rohit.ya...@shapeblue.com >> >>>> Blog: bhaisaab.org | Twitter: @_bhaisaab >> >>>> >> >>>> >> >>>> >> >>>> Find out more about ShapeBlue and our range of CloudStack related >> >>>> services >> >>>> >> >>>> IaaS Cloud Design & >> >>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//> >> >>>> CSForge rapid IaaS deployment >> >>>> framework<http://shapeblue.com/csforge/> >> >>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >> >>>> CloudStack Software >> >>>> Engineering<http://shapeblue.com/cloudstack-software-engineering/> >> >>>> CloudStack Infrastructure >> >>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >> >>>> CloudStack Bootcamp Training >> >>>> Courses<http://shapeblue.com/cloudstack-training/> >> >>>> >> >>>> This email and any attachments to it may be confidential and are >> >>>> intended >> >>>> solely for the use of the individual to whom it is addressed. Any >> views >> >>>> or opinions expressed are solely those of the author and do not >> >>>> necessarily represent those of Shape Blue Ltd or related companies. >> If >> >>>> you are not the intended recipient of this email, you must neither >> take >> >>>> any action based upon its contents, nor copy or show it to anyone. >> >>>> Please >> >>>> contact the sender if you believe you have received this email in >> >>>> error. >> >>>> Shape Blue Ltd is a company incorporated in England & Wales. >> ShapeBlue >> >>>> Services India LLP is a company incorporated in India and is operated >> >>>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda >> >>>> is >> >>>> a company incorporated in Brasil and is operated under license from >> >>>> Shape >> >>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The >> Republic >> >>>> of >> >>>> South Africa and is traded under license from Shape Blue Ltd. >> ShapeBlue >> >>>> is a registered trademark. >> >>> >> >> >> >> Regards, >> >> Rohit Yadav >> >> Software Architect, ShapeBlue >> >> M. +91 88 262 30892 | rohit.ya...@shapeblue.com >> >> Blog: bhaisaab.org | Twitter: @_bhaisaab >> >> >> >> >> >> >> >> Find out more about ShapeBlue and our range of CloudStack related >> services >> >> >> >> IaaS Cloud Design & >> >> Build<http://shapeblue.com/iaas-cloud-design-and-build//> >> >> CSForge rapid IaaS deployment framework< >> http://shapeblue.com/csforge/> >> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >> >> CloudStack Software >> >> Engineering<http://shapeblue.com/cloudstack-software-engineering/> >> >> CloudStack Infrastructure >> >> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >> >> CloudStack Bootcamp Training >> >> Courses<http://shapeblue.com/cloudstack-training/> >> >> >> >> This email and any attachments to it may be confidential and are >> intended >> >> solely for the use of the individual to whom it is addressed. Any views >> >> or opinions expressed are solely those of the author and do not >> >> necessarily represent those of Shape Blue Ltd or related companies. If >> >> you are not the intended recipient of this email, you must neither take >> >> any action based upon its contents, nor copy or show it to anyone. >> Please >> >> contact the sender if you believe you have received this email in >> error. >> >> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue >> >> Services India LLP is a company incorporated in India and is operated >> >> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda >> is >> >> a company incorporated in Brasil and is operated under license from >> Shape >> >> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic >> of >> >> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue >> >> is a registered trademark. >> > >> >> Regards, >> Rohit Yadav >> Software Architect, ShapeBlue >> M. +91 88 262 30892 | rohit.ya...@shapeblue.com >> Blog: bhaisaab.org | Twitter: @_bhaisaab >> >> >> >> Find out more about ShapeBlue and our range of CloudStack related services >> >> IaaS Cloud Design & Build< >> http://shapeblue.com/iaas-cloud-design-and-build//> >> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >> CloudStack Software Engineering< >> http://shapeblue.com/cloudstack-software-engineering/> >> CloudStack Infrastructure Support< >> http://shapeblue.com/cloudstack-infrastructure-support/> >> CloudStack Bootcamp Training Courses< >> http://shapeblue.com/cloudstack-training/> >> >> This email and any attachments to it may be confidential and are intended >> solely for the use of the individual to whom it is addressed. Any views or >> opinions expressed are solely those of the author and do not necessarily >> represent those of Shape Blue Ltd or related companies. If you are not the >> intended recipient of this email, you must neither take any action based >> upon its contents, nor copy or show it to anyone. Please contact the sender >> if you believe you have received this email in error. Shape Blue Ltd is a >> company incorporated in England & Wales. ShapeBlue Services India LLP is a >> company incorporated in India and is operated under license from Shape Blue >> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil >> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is >> a company registered by The Republic of South Africa and is traded under >> license from Shape Blue Ltd. ShapeBlue is a registered trademark. >> > > > > -- > *Mike Tutkowski* > *Senior CloudStack Developer, SolidFire Inc.* > e: mike.tutkow...@solidfire.com > o: 303.746.7302 > Advancing the way the world uses the cloud > <http://solidfire.com/solution/overview/?video=play>*™* > -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud <http://solidfire.com/solution/overview/?video=play>*™*
