GitHub user MI-DROZ added a comment to the discussion: Get Rid of Account "Types"? and just use "Roles"?
Thanks for the insight and the history. Considering the backward compatibility, it does seem like removal of account types would be off the table. Just thinking through this I wonder if some sort of override mechanism at the time of creation would be more feasible to allow for the mapping of dynamic roles. Roughly something like this: - The ldap_trust_map table would contain a role_id column. - The “link domaintoldap” call would allow the optional specification of “roleid=” to populate the new column. - Functions that establish mappings like “ldapTrustMapVO” might override accountType if role_id is not null. Dynamic roles all have a “type” so when the mapping (account creation) occurs it might look something like this? If ldap_trust_map.role_id not NULL then account.role_id = ldap_trust_map.role_id and account.type = 0 if the role_type of ldap_trust_map.role_id = “User” OR 2 if the role_type of ldap_trust_map.role_id = “Domain Admin” I’m not a developer, just a rough attempt at pseudo code. This preserves the account type as always being 0 or 2 for backwards compatibility when the account is created. GitHub link: https://github.com/apache/cloudstack/discussions/10380#discussioncomment-14178956 ---- This is an automatically sent email for users@cloudstack.apache.org. To unsubscribe, please send an email to: users-unsubscr...@cloudstack.apache.org
