Hi Dulitha,

Your points are valid. We will check on these for an upcoming release, most probably DAS v3.2.0. We just have to carefully check all the scenarios for how this will work out; some scenarios can be tricky, but we should be able to figure them out.

Cheers,
Anjana.

On Thu, Jun 30, 2016 at 12:40 PM, Sinthuja Ragendran <[email protected]> wrote:

> Hi Dulitha,
>
> On Wed, Jun 29, 2016 at 10:24 PM, Dulitha Wijewantha <[email protected]> wrote:
>
>> Hi guys,
>> Below are some things I noted when I was writing dashboards for an analytics solution.
>>
>> 1) OAuth protected APIs should be used to retrieve data for gadgets
>>
>> 2) There should be a way to restrict data for users inside a tenant
>
> +1 for the above two. And I too think we should bring a more fine-grained authorization model to the DAS layer, at least at the table/stream level, such that only role-A should be able to access it, not all. And again there could be different levels of access per stream/table: some users can only fetch the data, some can only send, and only some can delete it.
>
> We had a similar requirement on the dashboard server to protect a dashboard, and we came up with a model to create some internal roles per dashboard at dashboard creation time, and assign the user who is creating the dashboard to those internal roles by default. Hence only he/she can perform any actions on the dashboard and it's private to him/her. If the user would like to share the dashboard, then he/she assigns users independently to the internal roles created, or assigns a new role for the particular action.
>
> I think we can handle the tables similarly as well.
>
>> 3) If the user doesn't have authorization to view the data - he shouldn't be able to view the corresponding visualization on the dashboard server and vice versa.
>
> This is a bit tricky, as the authorization from the dashboard page is only required if any analytics-related gadgets have been included in the dashboard page, and for others this will not be an issue. We need to properly handle this case if we include such a feature.
>
> Thanks,
> Sinthuja.
>
>> Cheers~
>> --
>> Dulitha Wijewantha (Chan)
>> Software Engineer - Mobile Development
>> WSO2 Inc
>> Lean.Enterprise.Middleware
>> ~Email [email protected]
>> ~Mobile +94712112165
>> ~Website dulitha.me <http://dulitha.me>
>> ~Twitter @dulitharw <https://twitter.com/dulitharw>
>> ~Github @dulichan <https://github.com/dulichan>
>> ~SO @chan <http://stackoverflow.com/users/813471/chan>
>
> --
> Sinthuja Rajendran
> Technical Lead
> WSO2, Inc.: http://wso2.com
>
> Blog: http://sinthu-rajan.blogspot.com/
> Mobile: +94774273955

--
Anjana Fernando
Senior Technical Lead
WSO2 Inc. | http://wso2.com
lean . enterprise . middleware

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
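
The per-table internal-role model proposed in the thread, combined with point 3 (a gadget is hidden when the user cannot read its backing table), as an added Python example that is not part of the original emails and is not WSO2 DAS code. All class, function, tenant and table names are hypothetical, and the rule that only the table's creator may share access is an assumption.

```python
ACTIONS = ("read", "write", "delete")  # fetch / send / delete, as in the thread


class TableAuthz:
    """Hypothetical per-table, per-action internal roles (deny by default)."""

    def __init__(self):
        self.owners = {}   # (tenant, table) -> creating user
        self.members = {}  # (tenant, table, action) -> set of usernames

    def create_table(self, tenant, table, creator):
        # One internal role per action is created with the table, and only
        # the creator is placed in each, so a new table starts out private.
        if (tenant, table) in self.owners:
            raise ValueError("table already exists")
        self.owners[(tenant, table)] = creator
        for action in ACTIONS:
            self.members[(tenant, table, action)] = {creator}

    def is_allowed(self, user, tenant, table, action):
        # The tenant is part of the key, so a role never crosses tenants;
        # unknown tables or actions fall through to an empty set (deny).
        return user in self.members.get((tenant, table, action), set())

    def grant(self, grantor, user, tenant, table, action):
        # Assumption: only the creator may share, one action at a time.
        if self.owners.get((tenant, table)) != grantor or action not in ACTIONS:
            return False
        self.members[(tenant, table, action)].add(user)
        return True


def visible_gadgets(authz, user, tenant, gadgets):
    """gadgets: list of (gadget_id, backing_table or None).

    Gadgets with no analytics table are always shown; analytics gadgets
    are shown only if the user may read the table behind them.
    """
    return [gid for gid, table in gadgets
            if table is None or authz.is_allowed(user, tenant, table, "read")]


if __name__ == "__main__":
    authz = TableAuthz()
    authz.create_table("tenant1", "ORDERS", "alice")       # constructed data
    authz.grant("alice", "bob", "tenant1", "ORDERS", "read")
    page = [("clock", None), ("orders_chart", "ORDERS")]
    for user in ("alice", "bob", "carol"):
        print(user, visible_gadgets(authz, user, "tenant1", page))
```
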
