[GitHub] brooklyn-server pull request: New PerUserEntitlementManager keywor...

Thu, 07 Apr 2016 09:26:35 -0700 

GitHub user sjcorbett opened a pull request:

    https://github.com/apache/brooklyn-server/pull/108

    New PerUserEntitlementManager keyword: user

    `PerUserEntitlementManager` transforms the "user" keyword into an 
entitlement to everything but the most privileged actions (everything but 
`ROOT` and `SEE_ALL_SERVER_INFO`). Practically this means a user can do 
everything but: use `ScriptApi` to run any Groovy, stop the server, access 
management context configuration via `ServerApi`, reload Brooklyn properties 
and export persistence data.
    
    I wasn't sure about the choice of "user" for the keyword. I wanted to 
indicate that it was a step down from "root". Other ideas people gave me 
include "manager" and "administrator", neither of which are hugely satisfactory 
to me. Suggestions welcome.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/sjcorbett/brooklyn-server 
feature/more-entitlements

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/brooklyn-server/pull/108.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #108
    
----
commit 6a78e8190b779ed8fc42850d94f185c73a44964a
Author: Sam Corbett <[email protected]>
Date:   2016-04-07T14:49:59Z

    Add SEE_CATALOG_ITEM to readOnly entitlement group

commit bd11f62188c16646a6cdc264718c041cac273cbe
Author: Sam Corbett <[email protected]>
Date:   2016-04-07T14:53:54Z

    Adds a new entitlement group for regular access
    
    It is intended to disallow access to destructive server methods, thus
    forbids ROOT and SEE_ALL_SERVER_INFO classes.

commit 50c3e81a7117e8050c3728aa803d90925ae02d6a
Author: Sam Corbett <[email protected]>
Date:   2016-04-07T14:54:47Z

    Add actions to SEE_ALL_SERVER_INFO entitlement group
    
    Groovy console and reloading Brookyln properties.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

Reply via email to