Prachi Damle created CLOUDSTACK-5920:
----------------------------------------
Summary: CloudStack IAM Plugin feature
Key: CLOUDSTACK-5920
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5920
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: API, Management Server
Affects Versions: 4.3.0
Reporter: Prachi Damle
Assignee: Prachi Damle
Fix For: 4.4.0
Currently CloudStack provides very limited IAM services and there are several
drawbacks within those services:
- Offers few roles out of the box (user and admin) with prebaked access
control for these roles. There is no way to create additional roles with
customized permissions.
- Some resources have access control baked into them. E.g., shared networks,
projects etc.
- We have to create special dedicate APIs to grant permissions to resources.
- Also it should be based on a plugin model to be possible to integrate with
other RBAC implementations say using AD/LDAP in future
Goal for this feature would be to address these limitations and offer true IAM
services in a phased manner.
As a first phase, we need to separate out the current access control into a
separate component and create a standard access check mechanism to be used by
the API layer. Also the read/listing APIs need to be refactored accordingly to
consider the role based access granting.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
