Hi Senaka,

IMHO, we should not define a role per tenant, and this way we will end up with too many roles (which we tried to avoid by not having user level permissions).

Instead, can we not have a few roles (not a role per user)? For example, we can have a DocAdmin role which we assign as the owner of documents. We can add or remove users to the role as needed. The above was only an example. But the point is to define only a few roles, not one per user.

--Srinath

On Wed, Jul 24, 2013 at 10:59 PM, Senaka Fernando <[email protected]> wrote:

> Hi Amila, Srinath,
>
> Authorize permission does exactly what you meant by this new permission.
> However, the issue is we only have role-based permissions and no user-based
> permissions, which is why we need to create a role and add users to that
> role in order to grant permissions. We have realized that user-based
> permissions won't scale, which is why we got rid of that from the kernel.
>
> Also, there were other pros related to having a role-per-asset model,
> which is being able to support situations of people leaving where we can
> easily add another user to the roles in which the current user was in, but
> with per user permissions, the management aspect becomes very complicated.
> These were all discussed during the WSO2 Store milestone meeting.
>
> Thanks,
> Senaka.
>
> On Tue, Jul 23, 2013 at 5:46 PM, Amila Suriarachchi <[email protected]> wrote:
>
>> On Tue, Jul 23, 2013 at 2:17 PM, Senaka Fernando <[email protected]> wrote:
>>
>>> Hi all,
>>>
>>> This is WRT, #1725 on Redmine.
>>>
>>> +++++++++++++++++++++
>>> The idea is to create a special role that gives READ, WRITE, DELETE and
>>> AUTHORIZE access to a particular asset making it possible for a particular
>>> user or set of users to take ownership of it. This thought came up during a
>>> WSO2 Store Milestone Planning Meeting, and mimics the functionality of
>>> Google Docs.
>>> +++++++++++++++++++++
>>
>> What about defining a new Permission called RWDA (which means if a user
>> has this permission they can do all tasks) for each asset? Then we can
>> assign this permission to whichever user needs it.
>>
>> thanks,
>> Amila.
>>
>>> Before going ahead with this, we have a few things to get clarified.
>>>
>>> 1. How would this role be named? This shouldn't be the name of the Asset
>>> itself, because there can be multiple assets by the same name. It even can't
>>> be name + namespace (or similar prefix/postfix), because there can be
>>> assets that differ by version. So, what's the best way to name it?
>>>
>>> 2. How should we be displaying this role in the management console?
>>> Should it show up just like any other role, or is there some special
>>> treatment in the Registry Browser? Since the role and the asset are 1-to-1,
>>> we shouldn't be displaying such roles against other assets, which makes it
>>> require some special treatment.
>>>
>>> 3. Is it just one such role or more? For instance, G-Docs has three
>>> types of privileges when it comes to sharing (i.e. View, Edit, Owner).
>>>
>>> Appreciate some quick responses on these in order to make it possible
>>> for us to ship this with G-Reg 4.6.0, making it available for WSO2 Store
>>> etc.
>>>
>>> Thanks,
>>> Senaka.
>>>
>>> --
>>> *Senaka Fernando*
>>> Senior Technical Lead; WSO2 Inc.; http://wso2.com
>>> Member; Apache Software Foundation; http://apache.org
>>>
>>> E-mail: senaka AT wso2.com
>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>> Linked-In: http://linkedin.com/in/senakafernando
>>>
>>> Lean . Enterprise . Middleware
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>> --
>> *Amila Suriarachchi*
>>
>> Software Architect
>> WSO2 Inc. ; http://wso2.com
>>
>> lean . enterprise . middleware
>>
>> phone : +94 71 3082805

--
============================
Srinath Perera, Ph.D.
http://people.apache.org/~hemapani/
http://srinathsview.blogspot.com/
