Hi Manu,
On Tue, Jun 7, 2016 at 3:24 PM, Manuranga Perera <[email protected]> wrote:
> Following names make sense as roles:
>
> - internal/dashboard/{dashboardID}/editor
> - internal/dashboard/{dashboardID}/viewer
>
> but
>
> - internal/dashboard/{dashboardID}/settings
> - internal/dashboard/{dashboardID}/delete
>
> Sounds a bit weird for role names. As Suho said, it can be modeled as
> permissions as well.
>
If we want to model this with permissions then we should be able to add the
permissions dynamically, but this is not possible with the current Carbon
4.x. And as I have mentioned above, this cannot be included at the global
level either, because having settings or delete privileges for dashboard
X doesn't mean you have the same privileges for dashboard Y. Hence
we thought of going with the roles approach for this one as well. I agree, the
role names for settings and delete are a bit odd; we need to come up with
proper names for those. :)
>
> 1) Do you intend to add people to each via DS UI? (In that case roles
> might be easier)
>
The dashboard creator will be automatically assigned to all of the above
mentioned roles. If he/she wants to share with some additional group/role,
he/she can add it to the allowed roles list. In the case that he/she wants
to share only with some users, they need to be added to the management UI. But
I agree, to have the proper flow we need to have a UI on the DS side for this.

> 2) Does "settings" make sense, because if you are an editor, anyway you'll
> have full access to the JSON, don't you?
>
In settings you have the full privileges, i.e., you can even remove the user
who initially created the dashboard. IMHO it provides full control of
the dashboard. The designer doesn't have such privileges; he/she can only
add/remove gadgets, pages etc., which are related to designing the dashboard.
Therefore we need to have a different role to control access to the
settings page.

Thanks,
Sinthuja.
> On Tue, Jun 7, 2016 at 7:59 AM, Sinthuja Ragendran <[email protected]>
> wrote:
>
>> According to the chat I had with Johann, we have come up with this model.
>> Basically, as of now in C4 we don't have a way to add a permission
>> dynamically; a similar requirement has been raised in IS as well, and they
>> have come up with this model.
>>
>> The main reason for this is, there might be some dashboard that you are
>> working on and want to share between some users and grant some privileges.
>> It's not doable with global permissions, because having an edit permission
>> for, say, the sales dashboard doesn't mean you have the permission for the
>> admin dashboard. Therefore this needs to be controlled per dashboard, not
>> globally.
>>
>> Thanks,
>> Sinthuja.
>>
>> On Tue, Jun 7, 2016 at 11:12 AM, Sriskandarajah Suhothayan <[email protected]
>> > wrote:
>>
>>> Why are we not using different permissions for each dashboard rather than
>>> using roles? I believe using permissions will be more scalable than using
>>> roles. WDYT?
>>>
>>> Regards
>>> Suho
>>>
>>> On Tue, Jun 7, 2016 at 2:38 PM, Nisala Nanayakkara <[email protected]>
>>> wrote:
>>>
>>>> Hi Udara,
>>>>
>>>> Since these are internal roles, they are not stored in LDAP. So it will
>>>> work fine.
>>>>
>>>> Thanks,
>>>> Nisala
>>>>
>>>> On Tue, Jun 7, 2016 at 10:57 AM, Udara Rathnayake <[email protected]>
>>>> wrote:
>>>>
>>>>> Another question: is this going to work if we have to connect to a
>>>>> read-only LDAP/AD userstore?
>>>>>
>>>>> On Tue, Jun 7, 2016 at 9:43 AM, Tanya Madurapperuma <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Is this model scalable? Because per dashboard we will have to create
>>>>>> 4 internal roles. So if we have N number of dashboards we will end up
>>>>>> having 4 * N number of internal roles.
>>>>>>
>>>>>> @ IS team : is this approach fine? Or is there any better approach?
>>>>>>
>>>>>> Thanks,
>>>>>> Tanya
>>>>>>
>>>>>> On Mon, Jun 6, 2016 at 3:44 PM, Nisala Nanayakkara <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> adding Johan and Manuranga
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Nisala
>>>>>>>
>>>>>>> On Mon, Jun 6, 2016 at 3:41 PM, Nisala Nanayakkara <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> I am working on implementing an access levels model for WSO2
>>>>>>>> Dashboard Server. Currently a global permission model for
>>>>>>>> create/delete/login is implemented by Megala. Since it does not
>>>>>>>> support per dashboard level access for the users, I am going to
>>>>>>>> extend it and implement a permission model that can be used to
>>>>>>>> provide per dashboard level access for the users.
>>>>>>>>
>>>>>>>> In order to implement this feature, I am going to add four roles at
>>>>>>>> dashboard creation time as follows,
>>>>>>>>
>>>>>>>> - internal/dashboard/{dashboardID}/editor
>>>>>>>> - internal/dashboard/{dashboardID}/viewer
>>>>>>>> - internal/dashboard/{dashboardID}/settings
>>>>>>>> - internal/dashboard/{dashboardID}/delete
>>>>>>>>
>>>>>>>> At dashboard creation time, the user who creates the dashboard
>>>>>>>> will get all four roles. But other users have to get the above
>>>>>>>> roles to do the appropriate actions on the dashboard. So we can set
>>>>>>>> the above four roles for the users and they will be given different
>>>>>>>> access levels according to their roles.
>>>>>>>>
>>>>>>>> Please feel free to give any feedback.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Nisala
>>>>>>>> --
>>>>>>>> *Nisala Niroshana Nanayakkara,*
>>>>>>>> Software Engineer
>>>>>>>> Mobile:(+94)717600022
>>>>>>>> WSO2 Inc., http://wso2.com/
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Tanya Madurapperuma
>>>>>>
>>>>>> Senior Software Engineer,
>>>>>> WSO2 Inc. : wso2.com
>>>>>> Mobile : +94718184439
>>>>>> Blog : http://tanyamadurapperuma.blogspot.com
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Regards,
>>>>> UdaraR
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *S. Suhothayan*
>>> Technical Lead & Team Lead of WSO2 Complex Event Processor
>>> *WSO2 Inc.* http://wso2.com
>>> lean . enterprise . middleware
>>>
>>> cell: (+94) 779 756 757 | blog: http://suhothayan.blogspot.com/ |
>>> twitter: http://twitter.com/suhothayan |
>>> linked-in: http://lk.linkedin.com/in/suhothayan
>>>
>>>
>>>
>>
>>
>> --
>> *Sinthuja Rajendran*
>> Technical Lead
>> WSO2, Inc.:http://wso2.com
>>
>> Blog: http://sinthu-rajan.blogspot.com/
>> Mobile: +94774273955
>>
>>
>>
>>
>>
>
>
> --
> With regards,
> *Manu*ranga Perera.
>
> phone : 071 7 70 20 50
> mail : [email protected]
>
>
>
--
*Sinthuja Rajendran*
Technical Lead
WSO2, Inc.:http://wso2.com
Blog: http://sinthu-rajan.blogspot.com/
Mobile: +94774273955
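
Added example (not part of the original thread and not WSO2 code): a minimal in-memory model of the per-dashboard role scheme discussed above, showing that a role on one dashboard grants nothing on another and that the four roles are removed with the dashboard. RoleStore, roleName, the ID pattern and the rule that only "settings" members may share are assumptions made for this illustration.

```javascript
// Added illustration: in-memory stand-in for a user store; all names are hypothetical.
const ACCESS_LEVELS = ['editor', 'viewer', 'settings', 'delete'];
const ID_PATTERN = /^[A-Za-z0-9_-]+$/; // assumption: dashboard IDs never contain '/'

function roleName(dashboardId, level) {
  if (!ID_PATTERN.test(dashboardId)) throw new Error('invalid dashboard ID');
  if (!ACCESS_LEVELS.includes(level)) throw new Error('unknown access level');
  return `internal/dashboard/${dashboardId}/${level}`;
}

class RoleStore {
  constructor() { this.members = new Map(); } // role name -> Set of user names

  // Create the four roles and put the creator in all of them.
  createDashboard(dashboardId, creator) {
    for (const level of ACCESS_LEVELS) {
      const role = roleName(dashboardId, level);
      if (this.members.has(role)) throw new Error('role already exists');
      this.members.set(role, new Set([creator]));
    }
  }

  // Assumption: only members of the "settings" role may share the dashboard.
  grant(granter, dashboardId, level, user) {
    if (!this.isAllowed(granter, dashboardId, 'settings')) throw new Error('not permitted');
    this.members.get(roleName(dashboardId, level)).add(user);
  }

  // Deny by default: a role on one dashboard says nothing about another.
  isAllowed(user, dashboardId, level) {
    const set = this.members.get(roleName(dashboardId, level));
    return set !== undefined && set.has(user);
  }

  // Drop all four roles with the dashboard so the 4 * N count does not only grow.
  deleteDashboard(user, dashboardId) {
    if (!this.isAllowed(user, dashboardId, 'delete')) return false;
    for (const level of ACCESS_LEVELS) this.members.delete(roleName(dashboardId, level));
    return true;
  }
}

function demo() { // constructed sample users and dashboards
  const s = new RoleStore();
  s.createDashboard('sales', 'alice');
  s.createDashboard('admin', 'bob');
  s.grant('alice', 'sales', 'editor', 'carol');
  return [s.isAllowed('carol', 'sales', 'editor'), s.isAllowed('carol', 'admin', 'editor'),
          s.deleteDashboard('carol', 'sales'), s.deleteDashboard('alice', 'sales'), s.members.size];
}
```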