RE: my two cents on RBAC/authorization

2013-10-01 Thread Prachi Damle
prototyping that focusses on defining Permissions for CloudStack and stores them directly to Db to facilitate read operations.

-Prachi

-Original Message-
From: Min Chen [mailto:min.c...@citrix.com]
Sent: Sunday, September 29, 2013 12:04 PM
To:
Cc: dev@cloudstack.apache.org
Subject: R

Re: my two cents on RBAC/authorization

2013-09-29 Thread Min Chen
Commands.properties will stay as it is for now, acl_api_permission will be auto-populated based on this commands.properties file. So developers do not need to update the DB when they add a new api.

-min

On 9/29/13 6:10 PM, "Darren Shepherd" wrote:
> So this will replace the commands.properties.

Re: my two cents on RBAC/authorization

2013-09-29 Thread Darren Shepherd
So this will replace the commands.properties. If one adds a new api, will they need to update the DB?

Darren

On Sep 29, 2013, at 5:15 PM, Min Chen wrote:
>> One random question, I'm interested in knowing what the relationship between commands.props and this new rbac thing will

Re: my two cents on RBAC/authorization

2013-09-29 Thread Min Chen
> One random question, I'm interested in knowing what the relationship between commands.props and this new rbac thing will be.

We have categorized two types of permission, one is API level permission to work with current ApiChecker (what kind of APIs are allowed to be accessed by a particula

Re: my two cents on RBAC/authorization

2013-09-29 Thread Darren Shepherd
Oops accidentally sent the last email before I finished. I'll probably disagree with the implementation. It sounds like your scope right now is very simple and small and thus you are doing a very simple approach. But that in my mind will lead to either 1) you scrap and rewrite the thing whe

Re: my two cents on RBAC/authorization

2013-09-29 Thread Darren Shepherd
I look forward to the proposal. Based on your short comments and the artifacts I've seen so, I'll warn you that I'll probably disagree strongly with the implement

Darren

> On Sep 29, 2013, at 12:04 PM, Min Chen wrote:
>
> RBAC branch was created by Prachi and me to do some quick prototype on

Re: my two cents on RBAC/authorization

2013-09-29 Thread Min Chen
RBAC branch was created by Prachi and me to do some quick prototype on rbac feature we are going to propose in the community soon. Since it is not ready yet, we haven't proposed and published FS on the ML. In this prototype, we have group, account, role, permission as our first class object. Unl

Re: my two cents on RBAC/authorization

2013-09-29 Thread Koushik Das
I think it is important to identify what is exclusively for CloudStack and what all can be reused across multiple services.

1. Authentication - Typically enterprises/service providers would like to reuse their existing authentication systems. So an easy mechanism needs to be provided for integr

Re: my two cents on RBAC/authorization

2013-09-29 Thread Sebastien Goasguen
On 29 Sep 2013, at 05:51, Darren Shepherd wrote:
> I've noticed there's a rbac branch and things are being committed there. I didn't see any documentation about the design or anything (maybe it exists and I looked in the wrong place), so I'm just going to give you my two cents on authori