On Thu, May 26, 2011 at 12:42 PM, Dimuthu Leelarathne <dimut...@wso2.com>wrote:
> Hi, > > On Thu, May 26, 2011 at 11:17 AM, Amila Suriarachchi <am...@wso2.com>wrote: > >> Role is a set of permissions (i.e resouceid + action). Resource id or >> resource is always specific to a system. There for a role is defined for a >> given system. Therefore it is a external roles is a confusing idea. >> > >> And also we need to have a clear definition about adminRole. If I engaged >> UT for a service and set a role like myRole, and invoke the service as admin >> (who is in adminRole) it won't work. Same thing happens with XCMAL as well. >> >> > It is wrong to assume that admin can access all deployed services. Admin is > the admin for all admin console. > In General Admin means a user who can access every thing. In this case I think it is better to rename it as adminConsoleAdmin and AdminConsoleAdminRole. thanks, Amila. > > thanks, > dimuthu > > > >> thanks, >> Amila. >> >> >>> >>> [1] https://wso2.org/jira/browse/CARBON-9195 >>> >>> Thanks, >>> Hasini. >>> >>> >>>> thanks, >>>> Amila. >>>> >>>>> >>>>> On Sun, May 22, 2011 at 11:10 AM, Hasini Gunasinghe >>>>> <has...@wso2.com>wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> This is the understanding that I have regarding this. Please correct >>>>>> if anything is wrong. >>>>>> >>>>>> Differentiation of roles as external or internal is based on whether >>>>>> we manage user roles in the user store itself or in internal UM database >>>>>> in >>>>>> a hybrid manner. >>>>>> >>>>>> For an example, we find the above use case with LDAP user store where >>>>>> we can either manage roles in LDAP itself or in internal JDBC database >>>>>> in a >>>>>> hybrid manner (basically when user store is read only). >>>>>> >>>>>> In that case, internal role means: if a role is managed in internal UM >>>>>> database in a hybrid manner. >>>>>> external role means: if a role is managed in LDAP >>>>>> user store - can be either embedded LDAP or external LDAP. >>>>>> >>>>>> >>>>> Roles defined in embedded LDAP are not external. >>>>> >>>>> It really doesn't matter whether the underlying implementation is JDBC >>>>> or LDAP. Users should not be worrying about underlying implementation. >>>>> >>>>> tx, >>>>> dimuthul >>>>> >>>>> >>>>> >>>>>> I think above mail is related to issue: >>>>>> https://wso2.org/jira/browse/CARBON-9195. The issue reported there is >>>>>> the default behavior according to above understanding. >>>>>> Because JDBC user store manager handles roles in hybrid manner only >>>>>> when "read only" property is set to true in user-mgt.xml. >>>>>> >>>>>> Thanks, >>>>>> Hasini. >>>>>> >>>>>> On Fri, May 6, 2011 at 11:09 AM, Amila Jayasekara <ami...@wso2.com>wrote: >>>>>> >>>>>>> Hi All, >>>>>>> >>>>>>> How do we define whether a particular role is internal or external ? >>>>>>> (Role type) >>>>>>> >>>>>>> After a chat with Pavithra, we came to following conclusion. >>>>>>> >>>>>>> If a role is defined within a server we treat those as internal >>>>>>> roles. >>>>>>> If a server reads role information from some other user store we >>>>>>> consider those as external roles. >>>>>>> >>>>>>> If above definition is not correct, please advice. >>>>>>> >>>>>>> Thanks >>>>>>> AmilaJ >>>>>>> _______________________________________________ >>>>>>> Carbon-dev mailing list >>>>>>> Carbon-dev@wso2.org >>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>>>> >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> Carbon-dev@wso2.org >>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>>> >>>> >>> >> >> _______________________________________________ >> Carbon-dev mailing list >> Carbon-dev@wso2.org >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > _______________________________________________ > Carbon-dev mailing list > Carbon-dev@wso2.org > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >
_______________________________________________ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
