Attached the permission model for Tenant User.

On Sun, Sep 7, 2014 at 3:55 PM, Lasindu Charith <[email protected]> wrote:

> Hi all,
>
> Please find the progress below.
>
> Carbon User Management feature was installed in p2-profile gen since we
> are including user management functionality in Stratos 4.1.0. A user role
> called 'Tenant-User' will be created with the following permissions. Tenant
> user can view Autoscaling policies, Cartridge definitions, deployment
> policies, partition definitions, service definitions, subscriptions in the
> tenant space while only having the ability to add/remove subscriptions.
>
> [image: Inline image 1]
>
> stratos.manager, cloud.controller and autoscaler component
> services/component.xmls were modified to include relevant permissions
> and AuthorizationActions to call particular service methods. The
> StratosAdmin REST API methods' @AuthorizationAction was changed to
> facilitate the above permission model.
>
> In the current implementation the stratos UI permissions and REST API
> permissions are handled separately. UI permissions are predefined for
> Stratos Admin and Tenant admin separately in the acl.json file. The whole
> UI permission model needs to be changed to use carbon user management and
> permissions using Jaggery, which I will be looking into next. Will be
> including couple of REST API methods to create/delete/modify tenant users
> and roles.
>
> WIP :
> https://github.com/lasinducharith/stratos/commit/0f018ffb6d9ac33f67d568d7ff3d9688e8f45a43
>
> Thanks,
>
> On Mon, Sep 1, 2014 at 5:07 PM, Lasindu Charith <[email protected]> wrote:
>
>> Hi Reka,
>>
>> On Mon, Sep 1, 2014 at 4:50 PM, Reka Thirunavukkarasu <[email protected]>
>> wrote:
>>
>>> Hi Lasindu
>>>
>>> On Fri, Aug 29, 2014 at 2:09 PM, Lasindu Charith <[email protected]>
>>> wrote:
>>>
>>>> Hi devs,
>>>>
>>>> I'm in the process of extending the User Management and Permission
>>>> model for Stratos 4.1.0.
>>>> (See email discussions with following subjects : Role based access and
>>>> functionality for Stratos & Introducing tenant isolation in
>>>> policy/definition creation and usage).
>>>>
>>>> As discussed above, the proposed User/tenant Management will be as
>>>> following.
>>>>
>>>> 1. Mainly there are 3 users, Stratos Admin (Super Admin), Tenant
>>>> Admin and the Tenant User.
>>>>
>>> Don't you need to have Super Admin users as well? So that we can give
>>> some role based access even to Multiple super admins.
>>>
>>
>> Yes, In the super tenant space, super tenant can have multiple
>> (super)tenant admins as well as (super)tenant users. This should work
>> similar to the way other tenant spaces work. In the initial step we are
>> planning to create pre defined user roles in Carbon, so that at the time of
>> user creation, tenant admins can select the user role.
>>
>>>
>>>>
>>>> 1. Tenant(admin) creation will be moved back to the Carbon UI and
>>>> tenant user creation will be done in new Stratos UI. Tenant user
>>>> will have a set of pre-defined roles to be assigned at the user creation
>>>> time.
>>>> 2. Stratos Admin will mostly use the Carbon UI to create new
>>>> tenants and will also have his own super tenant space to create new
>>>> policies, definitions, users, subscribe to cartridges etc. IaaS
>>>> configuration will be done by the Stratos admin.
>>>> 3. A tenant admin will use the new UI to configure the tenant space
>>>> - this includes creation of policies, definitions and deploying them,
>>>> adding tenant users and assigning them roles.
>>>> 4. A tenant user will use the new UI to create/deploy applications
>>>> (previously referred to as subscribe) which are visible within that
>>>> tenant space.
>>>>
>>>> The existing permission model needs to be extended to support
>>>> tenant/user level separation and
>>>> REST API should provide role based access. Will update the thread with
>>>> progress.
>>>>
>>>
>>> Are you introducing any permissions specific to Super/Tenant admin/users
>>> in stratos? So that we can assign the users to relevant roles based on the
>>> permissions given.
>>>
>>
>> Yes, Only Super tenant can create/delete tenants, but any tenant admin
>> can deploy/edit/delete policies, cartridge definitions, partitions etc. So
>> there are specific permissions for super admin/tenant, tenant admin and
>> tenant user. These will ideally be user roles in carbon user management
>> model.
>>
>>>
>>>> Suggestions and thoughts are welcome ..
>>>>
>>> Thanks,
>>> Reka
>>>
>>>>
>>>> Thanks,
>>>> --
>>>> *Lasindu Charith*
>>>> Software Engineer, WSO2 Inc.
>>>> Mobile: +94714427192
>>>> Web: blog.lasindu.com
>>>>
>>>
>>> --
>>> Reka Thirunavukkarasu
>>> Senior Software Engineer,
>>> WSO2, Inc.:http://wso2.com,
>>> Mobile: +94776442007
>>>
>>
>> Thanks,
>> --
>> *Lasindu Charith*
>> Software Engineer, WSO2 Inc.
>> Mobile: +94714427192
>> Web: blog.lasindu.com
>>
>
> --
> *Lasindu Charith*
> Software Engineer, WSO2 Inc.
> Mobile: +94714427192
> Web: blog.lasindu.com
>

--
*Lasindu Charith*
Software Engineer, WSO2 Inc.
Mobile: +94714427192
Web: blog.lasindu.com
