As discussed in the last meeting ([Hamming] Discussion on permission model),
I am documenting the current permission model usages, as a base for the C5
permission model discussions.

1)
Requirement: some actions should be restricted for some users
E.g.: GracefullyShutdown should only be executed by an admin user

C4.x way:
  GracefullyShutdown service
    | Associated with (in code)
    v
  Permission string = "/Admin/Server/Shutdown" (hardcoded/config)
  Action = "ui.execute" (hardcoded)
    ^
    | Has
  admin role
    ^
    | Belongs to
  admin user

2)
Requirement: some actions on resources should be restricted for some users
E.g.: some registry resource should only be changed by developers

C4.x way 1 (Greg):
  Resource("/Sys/Gov/Poj/x.wsdl")
    | Associated with (in code)
    v
  Permission string = "/Sys/Gov/Poj/x.wsdl" (automatically calculated)
  Action = ["read"|"write"|"delete"|"auth"] (hardcoded)
    ^
    | Has
  Dev role
    ^
    | Belongs to
  Chamith user

C4.x way 2 (DS/AppF):
  Resource("dev-dashboard")
    | Associated with (from UI)
    v
  Dev role
    ^
    | Belongs to
  Manu user

3)
Requirement: some actions on resources should be restricted for *a* user
E.g.: some registry resource should only be deletable by the person who
added it (or admin)

C4.x way 1 (ES):
  Resource("/Sys/Gov/callX.wsdl")
    | Associated with (in code)
    v
  Permission string = "/Sys/Gov/callX.wsdl" (automatically calculated)
  Action = ["read"|"write"|"delete"|"auth"] (hardcoded)
    ^
    | Has
  Manu_private role (automatically calculated)
    ^
    | Belongs to
  Manu user

C4.x way 2 ( ?):
  Resource("project1/app1")
    | Associated with (in code)
    v
  Permission string = "project1/app1" (automatically calculated)
  Action = ["read"|"write"] (hardcoded)
    ^
    | Has
  Project1_app1 role (automatically calculated)
    ^
    | Belongs to
  Manu user

--
With regards,
*Manu*ranga Perera.
phone : 071 7 70 20 50
mail : [email protected]
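
The three chains described in the mail above (user -> role -> permission string + action), as an added sketch that is not part of the original mail and is not Carbon code. The class and method names, the "admin_user" name, the exact-match comparison, and the actions granted to the Dev role are assumptions made for illustration.

```python
from collections import defaultdict

class PermissionStore:
    """Toy model of the C4.x chain: user -> role -> (permission string, action)."""

    def __init__(self):
        self.user_roles = defaultdict(set)   # user -> roles it belongs to
        self.role_grants = defaultdict(set)  # role -> {(permission, action)}

    def assign(self, user, role):
        self.user_roles[user].add(role)

    def grant(self, role, permission, *actions):
        self.role_grants[role].update((permission, a) for a in actions)

    def is_authorized(self, user, permission, action):
        # Deny by default; exact string match only (an assumption of this
        # sketch, the mail does not say how permission strings are compared).
        return any((permission, action) in self.role_grants[r]
                   for r in self.user_roles.get(user, ()))

    def add_resource(self, creator, path):
        # Case 3: the permission string is the resource path and the
        # creator gets an automatically calculated private role.
        private_role = f"{creator}_private"
        self.assign(creator, private_role)
        self.grant(private_role, path, "read", "write", "delete", "auth")
        # "(or admin)" from the requirement, modelled as an explicit grant.
        self.grant("admin", path, "read", "write", "delete", "auth")
        return private_role

def build_sample_store():
    """Constructed sample data using the names from the mail."""
    s = PermissionStore()
    s.assign("admin_user", "admin")
    s.assign("Chamith", "Dev")
    s.assign("Manu", "Dev")
    # Case 1: permission string and action are fixed in code/config.
    s.grant("admin", "/Admin/Server/Shutdown", "ui.execute")
    # Case 2, way 1: permission string calculated from the resource path.
    s.grant("Dev", "/Sys/Gov/Poj/x.wsdl", "read", "write")
    # Case 3, way 1: per-user role created when Manu adds the resource.
    s.add_resource("Manu", "/Sys/Gov/callX.wsdl")
    return s
```

In case 3 the check itself is unchanged; what differs is that the role is generated per user, so two members of the same Dev role get different answers for the same resource.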