In the user-mgt.xml we have,
<Configuration>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default
users in this role sees the registry root --> </Configuration>
It seems there is no real admin user or admin role concept in carbon. What
it does is create a user with the given user name and password and assign a
role to that user given in Admin Role.
Then this admin role is assigned all the permissions given in the
compoent.xml files.
In otherwords we only have the static permissions we define before the
server starts. But there can be stituations where we need to create
resourceIDs and assign permissions to them at system runtime. eg. adding
queues, topics.
And also I am not sure how this model work with XCMAL polices or with tenant
configuration where we talk about a tenant Admin.
thanks,
Amila.
On Tue, May 17, 2011 at 9:21 AM, Amila Suriarachchi <[email protected]> wrote:
> User manager.xml
>
> thanks,
> Amila.
>
>
> On Tue, May 17, 2011 at 9:19 AM, Amila Suriarachchi <[email protected]>wrote:
>
>>
>>
>> On Mon, May 16, 2011 at 6:58 PM, Dimuthu Leelarathne
>> <[email protected]>wrote:
>>
>>> hi,
>>>
>>> On Mon, May 16, 2011 at 8:23 AM, Amila Suriarachchi <[email protected]>wrote:
>>>
>>>> hi,
>>>>
>>>> This is regarding this issue[1].
>>>>
>>>> Can we change the admin role name? if so what is the meaning of the
>>>> ADMIN_ROLE = "admin" in
>>>> org.wso2.carbon.utils.ServerConstants?
>>>>
>>>>
>>> We don't have a hard-coded admin rolename.
>>> +1 for removing it or if it is used for some other purpose rename it.
>>>
>>
>> I renamed the admin and every one Roles. But still see the admin role as.
>>
>> Please see the attachments.
>>
>> thanks,
>> Amila,
>>
>>>
>>> tx,
>>> dimuthul
>>>
>>>
>>>> And also,
>>>>
>>>> userRealm.getAuthorizationManager().isUserAuthorized(
>>>> loggedInUser, topicResourcePath,
>>>>
>>>> EventBrokerConstants.EB_PERMISSION_CHANGE_PERMISSION)
>>>>
>>>> returns false if user is not explicitly given the permission to that
>>>> resource. But in carbon there is a convention to
>>>> allow any user in admin role to do any activity. Then why don't we add
>>>> that rule too to the user manager.
>>>>
>>>> Then everyone does not have to repeat admin role check every where.
>>>>
>>>> thanks,
>>>> Amila.
>>>>
>>>>
>>>> [1] https://wso2.org/jira/browse/CARBON-9959
>>>>
>>>> _______________________________________________
>>>> Carbon-dev mailing list
>>>> [email protected]
>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Carbon-dev mailing list
>>> [email protected]
>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>>
>>
>
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
