On Fri, Oct 7, 2011 at 1:07 AM, Nuwan Bandara <[email protected]> wrote:
> Hi Tharindu, > > If I have explicitly given User-Y read permission for the User-X s > resources then its for certain extent fine, but In this case user-Y only > have login permission. > > but anyway if I do a getConfigUserRegistry() I am expecting a registry > space which is only accessible for that particular user, else whats the > point ? > > Answer below. > Regards, > /Nuwan > > > On Fri, Oct 7, 2011 at 1:01 AM, Thilina Buddhika <[email protected]>wrote: > >> Then why are we taking an additional parameter "username" to the >> method getConfigUserRegistry(String userName, int tenantId) ? >> >> Also what is the difference of the registry instances returned from >> getConfigSystemRegistry(int tenantId) and getConfigUserRegistry(String >> userName, int tenantId) ? >> > system registry is for system tasks. It has high privileges, just like an admin user or more, which is needed for system tasks. user registry, is for that user's tasks. So, if you get user X's registry, you get the registry with that user's privileges. If he cannot read resource /abc/foo, then you can't get and read that resource, with user X's registry. You are confusing tenant spaces with user spaces. When you pass the tenant id, you get that tenant's registry, which is isolated from other tenants. Tenant spaces and user registry are orthogonal concepts. > >> Thanks, >> Thilina >> >> >> On Fri, Oct 7, 2011 at 12:54 AM, Tharindu Mathew <[email protected]>wrote: >> >>> For Nuwan's question, the simple answer is no. >>> >>> If you have read permissions for that user Y of user X's resource, user Y >>> can view it. >>> >>> Separate registry spaces are only present per tenant. >>> >>> >>> On Fri, Oct 7, 2011 at 12:40 AM, Thilina Buddhika <[email protected]>wrote: >>> >>>> Actually we had used governance user registry in permission update task, >>>> not config user registry. >>>> >>>> Thanks, >>>> Thilina >>>> >>>> >>>> On Fri, Oct 7, 2011 at 12:11 AM, Thilina Buddhika <[email protected]>wrote: >>>> >>>>> Hi Nuwan, >>>>> >>>>> On Thu, Oct 6, 2011 at 11:48 PM, Nuwan Bandara <[email protected]> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I am aware that we have a separate isolated registry space for each >>>>>> tenant. However do we have the same for a user. >>>>>> >>>>> >>>>> Yes. >>>>> >>>>> >>>>>> >>>>>> if I want to take a user's registry and put a value, can another user >>>>>> with registry browse permission can see that value. >>>>>> >>>>>> ie. >>>>>> >>>>>> User-X and User-Y are in the same tenant = 1 >>>>>> >>>>>> login as user-X >>>>>> >>>>>> registry = getConfigUserRegistry(1); >>>>>> registry.put("repository/foo", bar); >>>>>> >>>>>> and login as user-Y >>>>>> >>>>>> registry = getConfigUserRegistry(1); >>>>>> registry.get("repository/foo") >>>>>> >>>>>> will the result be "bar" ? >>>>>> >>>>> >>>>> You will not be allowed to access this resource. I am sure that this >>>>> permission model is working fine, because there was an issue in the >>>>> permission update task where it had written a flag to the user space >>>>> rather >>>>> than the system space. >>>>> >>>>> Thanks, >>>>> Thilina >>>>> >>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Thanks & Regards, >>>>>> >>>>>> Nuwan Bandara >>>>>> Senior Software Engineer >>>>>> WSO2 Inc. | http://wso2.com >>>>>> lean . enterprise . middleware >>>>>> >>>>>> http://nuwan.bandara.co >>>>>> * >>>>>> <http://www.nuwanbando.com/> >>>>>> >>>>>> _______________________________________________ >>>>>> Carbon-dev mailing list >>>>>> [email protected] >>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Thilina Buddhika >>>>> Associate Technical Lead >>>>> >>>>> WSO2 Inc. ; http://wso2.com >>>>> lean . enterprise . middleware >>>>> >>>>> phone : +94 77 44 88 727 >>>>> blog : http://blog.thilinamb.com >>>>> >>>> >>>> >>>> >>>> -- >>>> Thilina Buddhika >>>> Associate Technical Lead >>>> WSO2 Inc. ; http://wso2.com >>>> lean . enterprise . middleware >>>> >>>> phone : +94 77 44 88 727 >>>> blog : http://blog.thilinamb.com >>>> >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> [email protected] >>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>>> >>> >>> >>> -- >>> Regards, >>> >>> Tharindu >>> >>> blog: http://mackiemathew.com/ >>> >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> [email protected] >>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >>> >> >> >> -- >> Thilina Buddhika >> Associate Technical Lead >> WSO2 Inc. ; http://wso2.com >> lean . enterprise . middleware >> >> phone : +94 77 44 88 727 >> blog : http://blog.thilinamb.com >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > > -- > *Thanks & Regards, > > Nuwan Bandara > Senior Software Engineer > WSO2 Inc. | http://wso2.com > lean . enterprise . middleware > > http://nuwan.bandara.co > * > <http://www.nuwanbando.com/> > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- Regards, Tharindu blog: http://mackiemathew.com/
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
