Hi, Please see my comments inline.
On Tue, May 17, 2011 at 9:34 AM, Amila Suriarachchi <[email protected]> wrote: > In the user-mgt.xml we have, > > <Configuration> > <AdminRole>admin</AdminRole> > <AdminUser> > <UserName>admin</UserName> > <Password>admin</Password> > </AdminUser> > <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default > users in this role sees the registry root --> </Configuration> > > It seems there is no real admin user or admin role concept in carbon. What > it does is create a user with the given user name and password and assign a > role to that user given in Admin Role. > > Then this admin role is assigned all the permissions given in the > compoent.xml files. > > In otherwords we only have the static permissions we define before the > server starts. But there can be stituations where we need to create > resourceIDs and assign permissions to them at system runtime. eg. adding > queues, topics. > And also I am not sure how this model work with XCMAL polices or with > tenant configuration where we talk about a tenant Admin. > > You can define dynamic permissions. Otherwise how can users give permissions to newly created resources in registry? tx, dimuthu > thanks, > Amila. > > > > > On Tue, May 17, 2011 at 9:21 AM, Amila Suriarachchi <[email protected]>wrote: > >> User manager.xml >> >> thanks, >> Amila. >> >> >> On Tue, May 17, 2011 at 9:19 AM, Amila Suriarachchi <[email protected]>wrote: >> >>> >>> >>> On Mon, May 16, 2011 at 6:58 PM, Dimuthu Leelarathne >>> <[email protected]>wrote: >>> >>>> hi, >>>> >>>> On Mon, May 16, 2011 at 8:23 AM, Amila Suriarachchi <[email protected]>wrote: >>>> >>>>> hi, >>>>> >>>>> This is regarding this issue[1]. >>>>> >>>>> Can we change the admin role name? if so what is the meaning of the >>>>> ADMIN_ROLE = "admin" in >>>>> org.wso2.carbon.utils.ServerConstants? >>>>> >>>>> >>>> We don't have a hard-coded admin rolename. >>>> +1 for removing it or if it is used for some other purpose rename it. >>>> >>> >>> I renamed the admin and every one Roles. But still see the admin role as. >>> >>> >>> Please see the attachments. >>> >>> thanks, >>> Amila, >>> >>>> >>>> tx, >>>> dimuthul >>>> >>>> >>>>> And also, >>>>> >>>>> userRealm.getAuthorizationManager().isUserAuthorized( >>>>> loggedInUser, topicResourcePath, >>>>> >>>>> EventBrokerConstants.EB_PERMISSION_CHANGE_PERMISSION) >>>>> >>>>> returns false if user is not explicitly given the permission to that >>>>> resource. But in carbon there is a convention to >>>>> allow any user in admin role to do any activity. Then why don't we add >>>>> that rule too to the user manager. >>>>> >>>>> Then everyone does not have to repeat admin role check every where. >>>>> >>>>> thanks, >>>>> Amila. >>>>> >>>>> >>>>> [1] https://wso2.org/jira/browse/CARBON-9959 >>>>> >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> [email protected] >>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> [email protected] >>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>>> >>> >> > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
