I agree. Not a high priority. This is just a nice to have. I was suggesting this without any understanding of implementation costs.
Dmitry On Thu, Oct 2, 2014 at 9:51 PM, Dimuthu Leelarathne <[email protected]> wrote: > Hi Dmitry, > > This is because underlying platform isolation is for tenant. App level > isolation is something AF impose on top of it. I believe it is not worth > the effort to redo the AF layer to special case templates, when we consider > other high priority items. > > thanks, > dimuthu > > > On Fri, Oct 3, 2014 at 9:35 AM, Dmitry Sotnikov <[email protected]> wrote: > >> I see. But the template name still needs to be unique across the whole >> tenant? Or only for the app key? >> >> If the uniqueness scope is App, why append the app key to the name? >> >> Dmitry >> On Oct 2, 2014 7:36 PM, "Amalka Subasinghe" <[email protected]> wrote: >> >>> Hi Dimtry, >>> >>> According to the current implementation we can query the templates based >>> on application key and the environment >>> >>> Thanks >>> Amalka >>> >>> >>> On Thu, Oct 2, 2014 at 10:05 PM, Dmitry Sotnikov <[email protected]> >>> wrote: >>> >>>> Thanks Amalka! >>>> >>>> Question on the templates: what is going to be the difference between >>>> appkey1_admin@development and appkey2_admin@development? >>>> >>>> If no difference, why do we need multiple identical permission >>>> templates? Why not just call it admin@development or even simply Admin? >>>> >>>> Dmitry >>>> >>>> On Thu, Oct 2, 2014 at 8:02 AM, Amalka Subasinghe <[email protected]> >>>> wrote: >>>> >>>>> Finally I resolved all the issues as follows >>>>> >>>>> 1. create database named 'db001' -> create db : db001_wso2_com, dbuser >>>>> : db001_xxxxx, template : appkey_admin@development >>>>> 2. drop database -> remove the database only >>>>> 3. create the database again naming 'db001' -> create the db: >>>>> db001_wso2_com, dbuser : db00155_xxxxx, template : >>>>> appkey_admin@development >>>>> >>>>> Here, new user will be created with the name db001NN_xxxxx (NN will be >>>>> a random number in between 0-100) >>>>> >>>>> now a new template will not be created for each database creation. >>>>> first time when we create the template system will create the admin >>>>> template as 'appkey_admin@development', and then for the second >>>>> database same 'appkey_admin@development' template will be attached. >>>>> >>>>> Now database and dbuser name allows to enter only 5 characters >>>>> >>>>> >>>>> On Thu, Oct 2, 2014 at 10:47 AM, Amalka Subasinghe <[email protected]> >>>>> wrote: >>>>> >>>>>> Red error message comes when we try to create the database. since >>>>>> it's already deleted we can use the same name, but the problem here is we >>>>>> can't create the dbuser with the same name. in that case, giving message >>>>>> name has already taken will not be matching >>>>>> >>>>>> On Thu, Oct 2, 2014 at 10:39 AM, Dmitry Sotnikov <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Dimuthu, thanks! >>>>>>> >>>>>>> Amalka, can we instead of the scary red error message, just instruct >>>>>>> user to pick another name because this one has already been taken? >>>>>>> >>>>>>> Dmitry >>>>>>> >>>>>>> On Wed, Oct 1, 2014 at 8:46 PM, Dimuthu Leelarathne < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi Dmitry, >>>>>>>> >>>>>>>> Please see my comments inline. >>>>>>>> >>>>>>>> On Wed, Oct 1, 2014 at 9:49 PM, Dmitry Sotnikov <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Amalka, >>>>>>>>> >>>>>>>>> Thanks! For your #1, what will happen when you get to the limit? >>>>>>>>> Will database creation fail? Or is there code to handle it >>>>>>>>> gracefully? How? >>>>>>>>> >>>>>>>>> For #2, default@Development sounds pretty meaningless. Is that >>>>>>>>> all-powerful all-permission templates? Why not call it >>>>>>>>> admin@Development? >>>>>>>>> Other than that, if this prevents all these multiple identical >>>>>>>>> permission >>>>>>>>> templates from being created with each database - this would be a good >>>>>>>>> thing! >>>>>>>>> >>>>>>>>> Ideally, in the future we also delete the temporary user accounts >>>>>>>>> when databases are deleted or find another way to prevent the current >>>>>>>>> proliferation of the temp accounts... >>>>>>>>> >>>>>>>> >>>>>>>> Proliferation of user accounts - This is not possible due to a >>>>>>>> limitation in SS API. There is no way to identify whether a user is >>>>>>>> attached to more than one database, hence we cannot delete them upon >>>>>>>> database deletion. I have already created a JIRA for SS guys. >>>>>>>> >>>>>>>> thanks, >>>>>>>> dimuthu >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Dmitry >>>>>>>>> >>>>>>>>> On Wed, Oct 1, 2014 at 7:09 AM, Amalka Subasinghe <[email protected] >>>>>>>>> > wrote: >>>>>>>>> >>>>>>>>>> Hi All, >>>>>>>>>> >>>>>>>>>> *I fixed the add new database function as follows: (Issue 1)* >>>>>>>>>> >>>>>>>>>> 1. add new database first time 'db001' >>>>>>>>>> System will create database: 'db001_wso2_com', dbuser: >>>>>>>>>> 'db001_xxxxx'. >>>>>>>>>> >>>>>>>>>> 2. drop the database 'db001' >>>>>>>>>> System will drop only the database; dbuser will be remain in the >>>>>>>>>> system >>>>>>>>>> >>>>>>>>>> 3. add new database with the same name 'db001' >>>>>>>>>> System will get the number of users who has the name starting >>>>>>>>>> with 'db001'; this time ..it's 1. So system will create the new user >>>>>>>>>> as >>>>>>>>>> 'db0011_xxxxx'. (appending 1 at the end of the database name) >>>>>>>>>> >>>>>>>>>> like wise every time when we create the new database with the >>>>>>>>>> same name (after dropping) it will append the number of users (name >>>>>>>>>> staring >>>>>>>>>> with 'db001') exist in the system, for the dbuser name. >>>>>>>>>> Please note, storage server allows only 7 characters for database >>>>>>>>>> and dbuser names. So I had to limit the character length of database >>>>>>>>>> and >>>>>>>>>> dbuser to 5. Remaining 2 characters are for appending the number. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> *Planning to fix the Issue 2 as follows* >>>>>>>>>> >>>>>>>>>> When we create new database each time it creates a new template. >>>>>>>>>> My idea is to keep one default template 'default@Development' >>>>>>>>>> with all the permission and attach that to the each database. >>>>>>>>>> >>>>>>>>>> - When user creates a new database, if the 'default@Development' >>>>>>>>>> template exist; it will assign to the database, else system creates >>>>>>>>>> default >>>>>>>>>> template 'default@Development' and assign. >>>>>>>>>> - If user want to give a different permission list, he/she has to >>>>>>>>>> create a custom template and assign to the database >>>>>>>>>> >>>>>>>>>> Please share your thoughts on this >>>>>>>>>> >>>>>>>>>> Thanks >>>>>>>>>> Amalka >>>>>>>>>> >>>>>>>>>> On Tue, Sep 30, 2014 at 11:54 PM, Dmitry Sotnikov < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Thanks Amalka! >>>>>>>>>>> >>>>>>>>>>> You have reproduced the issue correctly. >>>>>>>>>>> >>>>>>>>>>> Here's what I think would work: >>>>>>>>>>> >>>>>>>>>>> * This default mode that automatically associates a user account >>>>>>>>>>> should always do so. Product behavior needs to be consistent. >>>>>>>>>>> >>>>>>>>>>> As far as I understand, the current behavior happens because of >>>>>>>>>>> the account name clash and we have some sort of code that tries to >>>>>>>>>>> generate >>>>>>>>>>> the account, gets the clash and then neither generates the account >>>>>>>>>>> nor >>>>>>>>>>> associates the existing one (what does it do with the password? just >>>>>>>>>>> ignores the new password?) >>>>>>>>>>> >>>>>>>>>>> Quick and easy fix, if you do not have time for more changes: >>>>>>>>>>> 1. Fix this particular handling code, and in the event of name >>>>>>>>>>> clash, add a number to the name to make it unique - so behavior is >>>>>>>>>>> consistent. >>>>>>>>>>> >>>>>>>>>>> Suggested other/better/longer-term possible changes to make the >>>>>>>>>>> behavior more intuitive (comments from everyone are welcome): >>>>>>>>>>> 2. If I am deleting a database and it is the only one using a >>>>>>>>>>> user account and permission template, delete the account and >>>>>>>>>>> template as >>>>>>>>>>> well (probably have the corresponding checkboxes on the confirmation >>>>>>>>>>> window). >>>>>>>>>>> >>>>>>>>>>> Are you sure you want to permanently delete >>>>>>>>>>> database TestDB65765 in Development? >>>>>>>>>>> [X] Also, delete user account TestDB65765 associated with this >>>>>>>>>>> database and its permission template >>>>>>>>>>> >>>>>>>>>>> [Cancel] [Delete] >>>>>>>>>>> >>>>>>>>>>> 3. Create a set of DB permission templates (e.g. Admin, >>>>>>>>>>> View-Only) and have them available for user accounts: >>>>>>>>>>> 3.a. By default assign Admin, >>>>>>>>>>> 3.b. Give in the corresponding advanced screens ability to >>>>>>>>>>> create custom permission templates - this needs to be explicit >>>>>>>>>>> choice >>>>>>>>>>> though, >>>>>>>>>>> 3.c. Admin and View-Only templates cannot be edited. When user >>>>>>>>>>> tries to edit it, he/she is asked to provide a new custom name. >>>>>>>>>>> >>>>>>>>>>> What do you all think? >>>>>>>>>>> >>>>>>>>>>> Dmitry >>>>>>>>>>> >>>>>>>>>>> On Tue, Sep 30, 2014 at 9:38 AM, Amalka Subasinghe < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> Currently I'm working on the Jira [1]. Here we have two issues: >>>>>>>>>>>> >>>>>>>>>>>> *Issue 1:* >>>>>>>>>>>> 1. create a database name "db001" -> this will create database, >>>>>>>>>>>> dbuser and template >>>>>>>>>>>> 2. click on the database and see database configuration -> >>>>>>>>>>>> under the 'attached user' section shows dbuser >>>>>>>>>>>> 3. delete the database >>>>>>>>>>>> 4. again create the database with the same name "db001" >>>>>>>>>>>> 5. click on the database and see database configuration >>>>>>>>>>>> >>>>>>>>>>>> Actual result : >>>>>>>>>>>> a. No database user under 'attached user' section, >>>>>>>>>>>> b. 'Attach new user' -> 'User name' drop down shows the user >>>>>>>>>>>> which created previously. >>>>>>>>>>>> c. 'Attach new user' -> 'Permission template drop down' section >>>>>>>>>>>> shows the 2 templates with the same name 'db001@Development' >>>>>>>>>>>> >>>>>>>>>>>> What should be the expected result here? >>>>>>>>>>>> 1. Are we allowing user to create the database with the same >>>>>>>>>>>> name again? if so shall we attached the already exist dbuser and >>>>>>>>>>>> the >>>>>>>>>>>> template to the database? >>>>>>>>>>>> 2. I think we need to stop creating second template with the >>>>>>>>>>>> same name 'db001@Development'. right? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> *Issue 2:* >>>>>>>>>>>> In the Jira, it has asked to change the template names as >>>>>>>>>>>> "Admin" or "Read-only" instead of 'db001@Development'. >>>>>>>>>>>> Here, my concern is, when we create the database, template will >>>>>>>>>>>> be automatically created with all the permission (So we can call >>>>>>>>>>>> it as >>>>>>>>>>>> 'Admin' template), but if the user change the permissions later, >>>>>>>>>>>> then >>>>>>>>>>>> calling the template as 'Admin' will not be matching. So, current >>>>>>>>>>>> template >>>>>>>>>>>> name is fine for me. WDYT? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> [1] https://wso2.org/jira/browse/APPFAC-2521 >>>>>>>>>>>> >>>>>>>>>>>> Thanks >>>>>>>>>>>> Amalka >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Dmitry Sotnikov >>>>>>>>>>> VP of Cloud; WSO2, Inc.; http://wso2.com/ >>>>>>>>>>> email: [email protected]; cell: +1.949.303.9653; Skype: DSotnikov >>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>> >>>>>>>>>>> <http://wso2.com/events/> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> >>>>>>>>>> Amalka Subasinghe >>>>>>>>>> >>>>>>>>>> WSO2 Inc. >>>>>>>>>> Mobile: +94 77 9401267 >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Dmitry Sotnikov >>>>>>>>> VP of Cloud; WSO2, Inc.; http://wso2.com/ >>>>>>>>> email: [email protected]; cell: +1.949.303.9653; Skype: DSotnikov >>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>> >>>>>>>>> <http://wso2.com/events/> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Dimuthu Leelarathne >>>>>>>> Architect & Product Lead of App Factory >>>>>>>> >>>>>>>> WSO2, Inc. (http://wso2.com) >>>>>>>> email: [email protected] >>>>>>>> Mobile : 0773661935 >>>>>>>> >>>>>>>> Lean . Enterprise . Middleware >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Dmitry Sotnikov >>>>>>> VP of Cloud; WSO2, Inc.; http://wso2.com/ >>>>>>> email: [email protected]; cell: +1.949.303.9653; Skype: DSotnikov >>>>>>> Lean . Enterprise . Middleware >>>>>>> >>>>>>> <http://wso2.com/events/> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Amalka Subasinghe >>>>>> >>>>>> WSO2 Inc. >>>>>> Mobile: +94 77 9401267 >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Amalka Subasinghe >>>>> >>>>> WSO2 Inc. >>>>> Mobile: +94 77 9401267 >>>>> >>>> >>>> >>>> >>>> -- >>>> Dmitry Sotnikov >>>> VP of Cloud; WSO2, Inc.; http://wso2.com/ >>>> email: [email protected]; cell: +1.949.303.9653; Skype: DSotnikov >>>> Lean . Enterprise . Middleware >>>> >>>> <http://wso2.com/events/> >>>> >>> >>> >>> >>> -- >>> >>> Amalka Subasinghe >>> >>> WSO2 Inc. >>> Mobile: +94 77 9401267 >>> >> > > > -- > Dimuthu Leelarathne > Architect & Product Lead of App Factory > > WSO2, Inc. (http://wso2.com) > email: [email protected] > Mobile : 0773661935 > > Lean . Enterprise . Middleware > -- Dmitry Sotnikov VP of Cloud; WSO2, Inc.; http://wso2.com/ email: [email protected]; cell: +1.949.303.9653; Skype: DSotnikov Lean . Enterprise . Middleware <http://wso2.com/events/>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
