[
https://issues.apache.org/jira/browse/KYLIN-2760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16148334#comment-16148334
]
liyang commented on KYLIN-2760:
-------------------------------
>From Albert:
I propose small change:
- Only system admin can create and see connection strings
- The connection string can't be see for Admin Project
- Only system admin can add tables to Data Model
- Then Admin Project is the response of define joins of exited tables
Future:
- ACL at column level
> Enhance Project Level ACL
> -------------------------
>
> Key: KYLIN-2760
> URL: https://issues.apache.org/jira/browse/KYLIN-2760
> Project: Kylin
> Issue Type: Improvement
> Components: General
> Affects Versions: v2.0.0
> Environment: all
> Reporter: Joanna He
> Attachments: screenshot-1.png
>
>
> We are planning on enhancing the project level ACL, the plan as below:
> There are five types of predefined user access: System Admin, Project Admin,
> Management, Operation and Query.
> When syncing an LDAP new user, admin has the option to set the new user as
> system admin. The other user access, however, need to be set at project
> level, that means other than system admin which is applied globally on an
> instance, the other four user access are granted on project by project basis.
> So that one user, say johndoe, can be project admin in Project A and
> management access in Project B.
> User role modeler and analyst that are currently set when syncing users, will
> be retired. Project level access can be assigned to user, but not on role any
> more.
> Cube level ACL will be retired too, user's access control on a cube will be
> inherited from user's project level ACL.
> The expected access level for those 5 types of user access are defined as
> attached.
> !screenshot-1.png!
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
