No, what I mean is have few roles per tenant, which we will use to own documents. For example, if u think about WSO2 case, we can have engDocAdmin, FinanceDocAdmin etc .. few not per user.
Samisa, I did not understood the Q. I will chat f2f. --Srinath On Thu, Jul 25, 2013 at 11:28 AM, Eranda Sooriyabandara <[email protected]>wrote: > Hi Srinath, > > > On Thu, Jul 25, 2013 at 11:00 AM, Srinath Perera <[email protected]> wrote: > >> Hi Senaka, >> >> IMHO, we should not define a role per tenant, and this way we will end >> too many roles (which we tried to avoid by not having user level >> permissions). >> >> Instead, cannot we have few roles (not role per user). For example, we >> can have a DocAdmin role which we assign as the owner of documents. We can >> add remove users to the role as needed. Above was only an example. But >> point is only define few roles, not one per user. >> > > If I am not mistaken, again we are ending up with Role per Asset. Isn't it > the case? > > thanks > Eranda > > >> >> --Srinath >> >> >> On Wed, Jul 24, 2013 at 10:59 PM, Senaka Fernando <[email protected]>wrote: >> >>> Hi Amila, Srinath, >>> >>> Authorize permission does exactly what you meant by this new permission. >>> However, the issue is we only have role-based permissions and no user-based >>> permissions, which is why we need to create a role and add users to that >>> role in order to grant permissions. We have realized that user-based >>> permissions wont scale, which is why we got rid of that from the kernel. >>> >>> Also, there were other pros related to having a role-per-asset model, >>> which is being able to support situations of people leaving where we can >>> easily add another user to the roles in which the current user was in, but >>> with per user permissions, the management aspect becomes very complicated. >>> These were all discussed during the WSO2 Store milestone meeting. >>> >>> Thanks, >>> Senaka. >>> >>> On Tue, Jul 23, 2013 at 5:46 PM, Amila Suriarachchi <[email protected]>wrote: >>> >>>> >>>> >>>> >>>> On Tue, Jul 23, 2013 at 2:17 PM, Senaka Fernando <[email protected]>wrote: >>>> >>>>> Hi all, >>>>> >>>>> This is WRT, #1725 on Redmine. >>>>> >>>>> +++++++++++++++++++++ >>>>> The idea is to create a special role that gives READ, WRITE, DELETE >>>>> and AUTHORIZE access to a particular asset making it possible for a >>>>> particular user or set of users take ownership of it. This thought came up >>>>> during a WSO2 Store Milestone Planning Meeting, and mimics the >>>>> functionality of Google Docs. >>>>> +++++++++++++++++++++ >>>>> >>>> >>>> What about defining a new Permission called RWDA (which means if a user >>>> has this permission they can do all tasks) for each assert? Then we can >>>> assign give this permission to who ever user need that. >>>> >>>> thanks, >>>> Amila. >>>> >>>> >>>>> >>>>> Before going ahead with this, we have a few things to get clarified. >>>>> >>>>> 1. How would this role be named? This shouldn't be the name of the >>>>> Asset itself, because there can be multiple assets by the same name. It >>>>> even cant be name + namespace (or similar prefix/postfix), because >>>>> there can be assets that differ by version. So, what's the best way to >>>>> name >>>>> it? >>>>> >>>>> 2. How should we be displaying this role in the management console? >>>>> Should it show up just like any other role, or is there some special >>>>> treatment in the Registry Browser? Since the role and the asset are >>>>> 1-to-1, >>>>> we shouldn't be displaying such roles against other assets, which makes it >>>>> require some special treatment. >>>>> >>>>> 3. Is it just one such role or more? For instance, G-Docs has three >>>>> types of privileges when it comes to sharing (i.e. View, Edit, Owner). >>>>> >>>>> Appreciate some quick responses on these in order to make it possible >>>>> for us to ship this with G-Reg 4.6.0, making it available for WSO2 Store >>>>> etc. >>>>> >>>>> Thanks, >>>>> Senaka. >>>>> >>>>> -- >>>>> * <http://us13.wso2con.com/> >>>>> * >>>>> * >>>>> * >>>>> *Senaka Fernando* >>>>> Senior Technical Lead; WSO2 Inc.; http://wso2.com* >>>>> Member; Apache Software Foundation; http://apache.org >>>>> >>>>> E-mail: senaka AT wso2.com >>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>> >>>>> *Lean . Enterprise . Middleware >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Amila Suriarachchi* >>>> >>>> Software Architect >>>> WSO2 Inc. ; http://wso2.com >>>> >>>> lean . enterprise . middleware >>>> >>>> phone : +94 71 3082805 >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> * <http://us13.wso2con.com/> >>> * >>> * >>> * >>> *Senaka Fernando* >>> Senior Technical Lead; WSO2 Inc.; http://wso2.com* >>> Member; Apache Software Foundation; http://apache.org >>> >>> E-mail: senaka AT wso2.com >>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>> Linked-In: http://linkedin.com/in/senakafernando >>> >>> *Lean . Enterprise . Middleware >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> ============================ >> Srinath Perera, Ph.D. >> http://people.apache.org/~hemapani/ >> http://srinathsview.blogspot.com/ >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Eranda Sooriyabandara > *Senior Software Engineer; > Integration Technologies Team; > WSO2 Inc.; http://wso2.com > Lean . Enterprise . Middleware > > E-mail: eranda AT wso2.com > Mobile: +94 716 472 816 > Linked-In: http://www.linkedin.com/in/erandasooriyabandara > Blog: http://emsooriyabandara.blogspot.com/ > > > > * > * > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- ============================ Srinath Perera, Ph.D. Director, Research, WSO2 Inc. Visiting Faculty, University of Moratuwa Member, Apache Software Foundation Research Scientist, Lanka Software Foundation Blog: http://srinathsview.blogspot.com/ Photos: http://www.flickr.com/photos/hemapani/ Phone: 0772360902
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
