[
https://issues.apache.org/jira/browse/CLOUDSTACK-5920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13923142#comment-13923142
]
ASF subversion and git services commented on CLOUDSTACK-5920:
-------------------------------------------------------------
Commit c28450c1cdb51fba035f8f8f864dd0450ea1e099 in cloudstack's branch
refs/heads/rbac from [~minchen07]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=c28450c ]
CLOUDSTACK-5920: IAM service plugin.
> CloudStack IAM Plugin feature
> -----------------------------
>
> Key: CLOUDSTACK-5920
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5920
> Project: CloudStack
> Issue Type: New Feature
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API, Management Server
> Affects Versions: 4.3.0
> Reporter: Prachi Damle
> Assignee: Prachi Damle
> Fix For: 4.4.0
>
>
> Currently CloudStack provides very limited IAM services and there are several
> drawbacks within those services:
> - Offers few roles out of the box (user and admin) with prebaked access
> control for these roles. There is no way to create additional roles with
> customized permissions.
> - Some resources have access control baked into them. E.g., shared networks,
> projects etc.
> - We have to create special dedicate APIs to grant permissions to resources.
> - Also it should be based on a plugin model to be possible to integrate with
> other RBAC implementations say using AD/LDAP in future
> Goal for this feature would be to address these limitations and offer true
> IAM services in a phased manner.
> As a first phase, we need to separate out the current access control into a
> separate component and create a standard access check mechanism to be used by
> the API layer. Also the read/listing APIs need to be refactored accordingly
> to consider the role based access granting.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
