How does that work, if we need to have tenant isolation?

On Thu, Jul 25, 2013 at 11:00 AM, Srinath Perera <[email protected]> wrote:

> Hi Senaka,
>
> IMHO, we should not define a role per tenant, as this way we will end up
> with too many roles (which we tried to avoid by not having user-level
> permissions).
>
> Instead, can we not have a few roles (not a role per user)? For example, we
> can have a DocAdmin role which we assign as the owner of documents. We can
> add and remove users to the role as needed. The above was only an example,
> but the point is to define only a few roles, not one per user.
>
> --Srinath
>
>
> On Wed, Jul 24, 2013 at 10:59 PM, Senaka Fernando <[email protected]> wrote:
>
>> Hi Amila, Srinath,
>>
>> Authorize permission does exactly what you meant by this new permission.
>> However, the issue is we only have role-based permissions and no user-based
>> permissions, which is why we need to create a role and add users to that
>> role in order to grant permissions. We have realized that user-based
>> permissions won't scale, which is why we got rid of that from the kernel.
>>
>> Also, there were other pros related to having a role-per-asset model,
>> such as being able to support situations of people leaving, where we can
>> easily add another user to the roles which the current user was in, but
>> with per-user permissions, the management aspect becomes very complicated.
>> These were all discussed during the WSO2 Store milestone meeting.
>>
>> Thanks,
>> Senaka.
>>
>> On Tue, Jul 23, 2013 at 5:46 PM, Amila Suriarachchi <[email protected]> wrote:
>>
>>>
>>>
>>>
>>> On Tue, Jul 23, 2013 at 2:17 PM, Senaka Fernando <[email protected]> wrote:
>>>
>>>> Hi all,
>>>>
>>>> This is WRT, #1725 on Redmine.
>>>>
>>>> +++++++++++++++++++++
>>>> The idea is to create a special role that gives READ, WRITE, DELETE and
>>>> AUTHORIZE access to a particular asset making it possible for a particular
>>>> user or set of users to take ownership of it. This thought came up during a
>>>> WSO2 Store Milestone Planning Meeting, and mimics the functionality of
>>>> Google Docs.
>>>> +++++++++++++++++++++
>>>>
>>>
>>> What about defining a new permission called RWDA (which means if a user
>>> has this permission they can do all tasks) for each asset? Then we can
>>> give this permission to whichever user needs it.
>>>
>>> thanks,
>>> Amila.
>>>
>>>
>>>>
>>>> Before going ahead with this, we have a few things to get clarified.
>>>>
>>>> 1. How would this role be named? This shouldn't be the name of the
>>>> Asset itself, because there can be multiple assets by the same name. It
>>>> can't even be name + namespace (or similar prefix/postfix), because there
>>>> can be assets that differ by version. So, what's the best way to name it?
>>>>
>>>> 2. How should we be displaying this role in the management console?
>>>> Should it show up just like any other role, or is there some special
>>>> treatment in the Registry Browser? Since the role and the asset are 1-to-1,
>>>> we shouldn't be displaying such roles against other assets, which makes it
>>>> require some special treatment.
>>>>
>>>> 3. Is it just one such role or more? For instance, G-Docs has three
>>>> types of privileges when it comes to sharing (i.e. View, Edit, Owner).
>>>>
>>>> Appreciate some quick responses on these in order to make it possible
>>>> for us to ship this with G-Reg 4.6.0, making it available for WSO2 Store
>>>> etc.
>>>>
>>>> Thanks,
>>>> Senaka.
>>>>
>>>> --
>>>> Senaka Fernando
>>>> Senior Technical Lead; WSO2 Inc.; http://wso2.com
>>>> Member; Apache Software Foundation; http://apache.org
>>>>
>>>> E-mail: senaka AT wso2.com
>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>
>>>> Lean . Enterprise . Middleware
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> *Amila Suriarachchi*
>>>
>>> Software Architect
>>> WSO2 Inc. ; http://wso2.com
>>>
>>> lean . enterprise . middleware
>>>
>>> phone : +94 71 3082805
>>>
>>
>>
>
>
> --
> ============================
> Srinath Perera, Ph.D.
>    http://people.apache.org/~hemapani/
>    http://srinathsview.blogspot.com/
>


-- 

Thanks,
Samisa...

Samisa Abeysinghe
VP Engineering
WSO2 Inc.
http://wso2.com
http://wso2.org
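
The two models discussed in this thread (a per-asset owner role versus a few shared roles such as DocAdmin), sketched with tenant-scoped lookups as an added example; it is not code from the thread or from WSO2. The `Registry` class, the `owner_role_name` hashing scheme and all sample tenants, paths and users are assumptions made for illustration.

```python
import hashlib

OWNER_ACTIONS = frozenset({"READ", "WRITE", "DELETE", "AUTHORIZE"})

def owner_role_name(tenant, path, version):
    # Hypothetical scheme: hash tenant + path + version, so assets that share
    # a name, or differ only by version, never share an owner role.
    key = "\x00".join((tenant, path, version)).encode()
    return "asset-owner-" + hashlib.sha256(key).hexdigest()[:16]

class Registry:
    def __init__(self):
        self.members = {}  # (tenant, role) -> set of user names
        self.grants = {}   # (tenant, path, version) -> {role: actions}

    def add_member(self, tenant, role, user):
        self.members.setdefault((tenant, role), set()).add(user)

    def grant(self, tenant, path, version, role, actions):
        self.grants.setdefault((tenant, path, version), {})[role] = frozenset(actions)

    def create_asset(self, tenant, path, version, owner):
        role = owner_role_name(tenant, path, version)
        self.add_member(tenant, role, owner)
        self.grant(tenant, path, version, role, OWNER_ACTIONS)
        return role

    def is_allowed(self, tenant, user, path, version, action):
        # Every lookup is keyed by tenant: names from one tenant never match another.
        roles = self.grants.get((tenant, path, version), {})
        return any(action in actions and user in self.members.get((tenant, role), ())
                   for role, actions in roles.items())

    def hand_over(self, tenant, leaving, successor):
        """Move every role membership of a departing user to a successor."""
        moved = 0
        for (t, _role), users in self.members.items():
            if t == tenant and leaving in users:
                users.discard(leaving)
                users.add(successor)
                moved += 1
        return moved

def demo():
    reg = Registry()  # tenants, paths and users below are constructed samples
    reg.create_asset("a.com", "/apis/orders", "1.0.0", "alice")  # per-asset role
    reg.add_member("a.com", "DocAdmin", "carol")                 # shared role
    reg.grant("a.com", "/apis/orders", "1.0.0", "DocAdmin", OWNER_ACTIONS)
    reg.hand_over("a.com", "alice", "bob")
    return reg
```
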