airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amila Jayasekara <>
Subject Re: Notion of user roles in the PHP Reference Gateway
Date Mon, 30 Jun 2014 07:53:07 GMT
Hi Supun,

I would expect following; (others please correct me if I am wrong)

We need to control access to API functions through roles. Also IS has a
notion of permissions and resources. So the resources are mapped to
functions defined in thrift API. So a permission would look like follows

permission = ("execute", /scigap/thrift/executeExperiment);

We should be able to attach such permissions to roles. So when user invokes
an API function we need to do following;
1. find user's role
2. examine role's permissions
3. check whether any role has permission relevant to invoking function

AFAIK IS provided a way to define permissions and attach them to roles. You
may need to check how those can be used through APIs and how achieve above
described functionality.

-Thejaka Amila

On Sun, Jun 29, 2014 at 2:19 PM, Supun Nakandala <>

> Hi all,
> I am in the process of incorporating the notion of roles to the PHP
> Reference Gateway using the proxy user api that I am developing. WSO2 IS
> enables the tenant admin (gateway admin) to create roles and assign users
> to roles (many to many mapping). From the gateway side we can consume these
> services and implement role based user functionality. The roles defined
> will only be visible to that particular gateway(tenant).
> I would like to know what type of role based functionality is required in
> the context of the PHP Reference Gateway.
> Thank you.
> Supun

View raw message