Hi Thilini,
On Fri, Feb 6, 2015 at 2:07 PM, Thilini Shanika <[email protected]> wrote: > Hi, > Need some clarification regarding the issue - [1]. > > In super tenant mode all the default roles can be seen once we login to > carbon console(Internal/everyone, Internal/publisher, Internal/reviewer, > Internal/subscriber, > admin roles) . But in tenant mode, when we initially log in to admin > console, we can only see admin, Internal/everyone, Internal/subscriber > roles only and some roles are missing. But once we login to publisher, the > missing roles - Internal/publisher and Internal/reviewer are generated. > > Is this the expected behavior or do we need to make those missing roles > available in tenant mode also? > This is a bug. Internal/publisher and Internal/reviewer roles also need to be created at the tenant loading time. i.e even when you login to the carbon-mgt console for the first time this role need to be get created in the same way we do for internal/subscriber role. Regards, Dinusha. > > [1] - https://wso2.org/jira/browse/APPM-332 > > On Mon, Feb 2, 2015 at 12:35 PM, Ruwan Yatawara <[email protected]> wrote: > >> Hi Thilini, >> >> The internal/store role is pretty much obsolete AFAIK. However there are >> specific validations on the roles i've listed below . >> >> intermal/publisher - Can create Apps but cannot publish >> internal/reviewer - Ones, publisher submits for an app to be published, >> reviewer permission is needed to approve said request. >> internal/subscriber - This role needs to be available for anyone to be >> able to login to the store. >> >> However, IMHO i believe this is wrong and we should change it (Had a chat >> with Manu and I think this is the same way things are implemented in ES). >> >> *What we should do is basically go for a permission check rather than >> check for a role*. For an instance for creating of apps we should check >> if a particular user has "api/create" *permission *(can be of any role) and >> to publish "api/publish", permission etc. For the store however, its ok to >> have a role based check as there is no specific reference to "store access" >> in the permission tree. >> >> >> Thanks and Regards, >> >> Ruwan Yatawara >> >> Senior Software Engineer, >> WSO2 Inc. >> >> email : [email protected] >> mobile : +94 77 9110413 >> blog : http://thoughts.ruwan-ace.com/ >> www: :http://wso2.com >> >> >> On Sun, Feb 1, 2015 at 11:31 AM, Thilini Shanika <[email protected]> >> wrote: >> >>> Hi all, >>> >>> There are several bugs reported regarding the permission issues of >>> default roles in App Manager. In order to fix and resolve them, we need to >>> clarify what are the exact usage and permissions which should assigned >>> with those roles. >>> >>> The roles which were subjected to permission issues are listed below >>> with the current permissions assigned. >>> >>> - Internal/store-admin - Login >>> - Internal/store - Login >>> - Internal/reviewer - Login >>> >>> Can you please specify what are the usage, and whether the current >>> permissions assigned are correct? If not correct what are the exact >>> permissions that these roles should be assigned with? >>> >>> -- >>> Thilini Shanika >>> Software Engineer >>> WSO2, Inc.; http://wso2.com >>> 20, Palmgrove Avenue, Colombo 3 >>> >>> E-mail: [email protected] >>> >>> >> > > > -- > Thilini Shanika > Software Engineer > WSO2, Inc.; http://wso2.com > 20, Palmgrove Avenue, Colombo 3 > > E-mail: [email protected] > > -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
