Hi On Fri, Oct 7, 2011 at 1:18 AM, Tharindu Mathew <[email protected]> wrote:
> > > On Fri, Oct 7, 2011 at 1:07 AM, Nuwan Bandara <[email protected]> wrote: > >> Hi Tharindu, >> >> If I have explicitly given User-Y read permission for the User-X s >> resources then its for certain extent fine, but In this case user-Y only >> have login permission. >> >> but anyway if I do a getConfigUserRegistry() I am expecting a registry >> space which is only accessible for that particular user, else whats the >> point ? >> >> Answer below. > >> Regards, >> /Nuwan >> >> >> On Fri, Oct 7, 2011 at 1:01 AM, Thilina Buddhika <[email protected]>wrote: >> >>> Then why are we taking an additional parameter "username" to the >>> method getConfigUserRegistry(String userName, int tenantId) ? >>> >>> Also what is the difference of the registry instances returned from >>> getConfigSystemRegistry(int tenantId) and getConfigUserRegistry(String >>> userName, int tenantId) ? >>> >> system registry is for system tasks. It has high privileges, just like an > admin user or more, which is needed for system tasks. > > user registry, is for that user's tasks. So, if you get user X's registry, > you get the registry with that user's privileges. If he cannot read resource > /abc/foo, then you can't get and read that resource, with user X's registry. > Okey, in my above code snippet, I am (as admin) adding a resource to the user's config registry (getConfigUserRegistry()), Then I login as user-X who has login permission, and from the code, I am again getting getConfigUserRegistry() and try to get the same resource from the added path. And without an issue I am able to retrieve this resource. Is this by design ? (in this scenarion am not doing any changes to the permissions, simply the defaults.) Regards /nuwan > > You are confusing tenant spaces with user spaces. When you pass the tenant > id, you get that tenant's registry, which is isolated from other tenants. > Tenant spaces and user registry are orthogonal concepts. > >> >>> Thanks, >>> Thilina >>> >>> >>> On Fri, Oct 7, 2011 at 12:54 AM, Tharindu Mathew <[email protected]>wrote: >>> >>>> For Nuwan's question, the simple answer is no. >>>> >>>> If you have read permissions for that user Y of user X's resource, user >>>> Y can view it. >>>> >>>> Separate registry spaces are only present per tenant. >>>> >>>> >>>> On Fri, Oct 7, 2011 at 12:40 AM, Thilina Buddhika <[email protected]>wrote: >>>> >>>>> Actually we had used governance user registry in permission update >>>>> task, not config user registry. >>>>> >>>>> Thanks, >>>>> Thilina >>>>> >>>>> >>>>> On Fri, Oct 7, 2011 at 12:11 AM, Thilina Buddhika >>>>> <[email protected]>wrote: >>>>> >>>>>> Hi Nuwan, >>>>>> >>>>>> On Thu, Oct 6, 2011 at 11:48 PM, Nuwan Bandara <[email protected]>wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I am aware that we have a separate isolated registry space for each >>>>>>> tenant. However do we have the same for a user. >>>>>>> >>>>>> >>>>>> Yes. >>>>>> >>>>>> >>>>>>> >>>>>>> if I want to take a user's registry and put a value, can another user >>>>>>> with registry browse permission can see that value. >>>>>>> >>>>>>> ie. >>>>>>> >>>>>>> User-X and User-Y are in the same tenant = 1 >>>>>>> >>>>>>> login as user-X >>>>>>> >>>>>>> registry = getConfigUserRegistry(1); >>>>>>> registry.put("repository/foo", bar); >>>>>>> >>>>>>> and login as user-Y >>>>>>> >>>>>>> registry = getConfigUserRegistry(1); >>>>>>> registry.get("repository/foo") >>>>>>> >>>>>>> will the result be "bar" ? >>>>>>> >>>>>> >>>>>> You will not be allowed to access this resource. I am sure that this >>>>>> permission model is working fine, because there was an issue in the >>>>>> permission update task where it had written a flag to the user space >>>>>> rather >>>>>> than the system space. >>>>>> >>>>>> Thanks, >>>>>> Thilina >>>>>> >>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Thanks & Regards, >>>>>>> >>>>>>> Nuwan Bandara >>>>>>> Senior Software Engineer >>>>>>> WSO2 Inc. | http://wso2.com >>>>>>> lean . enterprise . middleware >>>>>>> >>>>>>> http://nuwan.bandara.co >>>>>>> * >>>>>>> <http://www.nuwanbando.com/> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Carbon-dev mailing list >>>>>>> [email protected] >>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Thilina Buddhika >>>>>> Associate Technical Lead >>>>>> >>>>>> WSO2 Inc. ; http://wso2.com >>>>>> lean . enterprise . middleware >>>>>> >>>>>> phone : +94 77 44 88 727 >>>>>> blog : http://blog.thilinamb.com >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Thilina Buddhika >>>>> Associate Technical Lead >>>>> WSO2 Inc. ; http://wso2.com >>>>> lean . enterprise . middleware >>>>> >>>>> phone : +94 77 44 88 727 >>>>> blog : http://blog.thilinamb.com >>>>> >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> [email protected] >>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Regards, >>>> >>>> Tharindu >>>> >>>> blog: http://mackiemathew.com/ >>>> >>>> >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> [email protected] >>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>>> >>> >>> >>> -- >>> Thilina Buddhika >>> Associate Technical Lead >>> WSO2 Inc. ; http://wso2.com >>> lean . enterprise . middleware >>> >>> phone : +94 77 44 88 727 >>> blog : http://blog.thilinamb.com >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> [email protected] >>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >>> >> >> >> -- >> *Thanks & Regards, >> >> Nuwan Bandara >> Senior Software Engineer >> WSO2 Inc. | http://wso2.com >> lean . enterprise . middleware >> >> http://nuwan.bandara.co >> * >> <http://www.nuwanbando.com/> >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > > -- > Regards, > > Tharindu > > blog: http://mackiemathew.com/ > > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- *Thanks & Regards, Nuwan Bandara Senior Software Engineer WSO2 Inc. | http://wso2.com lean . enterprise . middleware http://nuwan.bandara.co * <http://www.nuwanbando.com/>
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
