Hi, On Tue, May 17, 2011 at 9:34 AM, Amila Suriarachchi <[email protected]> wrote:
> In the user-mgt.xml we have, > > <Configuration> > <AdminRole>admin</AdminRole> > <AdminUser> > <UserName>admin</UserName> > <Password>admin</Password> > </AdminUser> > <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default > users in this role sees the registry root --> </Configuration> > > It seems there is no real admin user or admin role concept in carbon. What > it does is create a user with the given user name and password and assign a > role to that user given in Admin Role. > > Then this admin role is assigned all the permissions given in the > compoent.xml files. > > In otherwords we only have the static permissions we define before the > server starts. But there can be stituations where we need to create > resourceIDs and assign permissions to them at system runtime. eg. adding > queues, topics. > And also I am not sure how this model work with XCMAL polices or with > tenant configuration where we talk about a tenant Admin. > > Permission consist of three things - String entityName, String resourceId, String action Here action is fixed. You can have any string for entity and resource. The only reason action is fixed due to our cache implementation. So if you want to write to a queue, you can say. entryName, queueName, write If you want to read to a queue, you can say entryName, queueName, write tx, dimuthu > thanks, > Amila. > > > > > On Tue, May 17, 2011 at 9:21 AM, Amila Suriarachchi <[email protected]>wrote: > >> User manager.xml >> >> thanks, >> Amila. >> >> >> On Tue, May 17, 2011 at 9:19 AM, Amila Suriarachchi <[email protected]>wrote: >> >>> >>> >>> On Mon, May 16, 2011 at 6:58 PM, Dimuthu Leelarathne >>> <[email protected]>wrote: >>> >>>> hi, >>>> >>>> On Mon, May 16, 2011 at 8:23 AM, Amila Suriarachchi <[email protected]>wrote: >>>> >>>>> hi, >>>>> >>>>> This is regarding this issue[1]. >>>>> >>>>> Can we change the admin role name? if so what is the meaning of the >>>>> ADMIN_ROLE = "admin" in >>>>> org.wso2.carbon.utils.ServerConstants? >>>>> >>>>> >>>> We don't have a hard-coded admin rolename. >>>> +1 for removing it or if it is used for some other purpose rename it. >>>> >>> >>> I renamed the admin and every one Roles. But still see the admin role as. >>> >>> >>> Please see the attachments. >>> >>> thanks, >>> Amila, >>> >>>> >>>> tx, >>>> dimuthul >>>> >>>> >>>>> And also, >>>>> >>>>> userRealm.getAuthorizationManager().isUserAuthorized( >>>>> loggedInUser, topicResourcePath, >>>>> >>>>> EventBrokerConstants.EB_PERMISSION_CHANGE_PERMISSION) >>>>> >>>>> returns false if user is not explicitly given the permission to that >>>>> resource. But in carbon there is a convention to >>>>> allow any user in admin role to do any activity. Then why don't we add >>>>> that rule too to the user manager. >>>>> >>>>> Then everyone does not have to repeat admin role check every where. >>>>> >>>>> thanks, >>>>> Amila. >>>>> >>>>> >>>>> [1] https://wso2.org/jira/browse/CARBON-9959 >>>>> >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> [email protected] >>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> [email protected] >>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>>> >>> >> > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
