cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chip Childers <chip.child...@sungard.com>
Subject Re: [DISCUSS] - Deletion of Users within the Admin account
Date Mon, 22 Apr 2013 19:12:57 GMT
On Mon, Apr 22, 2013 at 07:02:41PM +0000, Pranav Saxena wrote:
> Hi Chip ,
> 
> This issue has been fixed in asf/master at both the UI and API layers (CLOUDSTACK-1941)
. Now , if you think that we should support the same functionality in 4.1 as well , then myself
and Alena can back-port our fixes to 4.1 from master. 

I already cut an RC for 4.1.0.  Do you think it makes sense to port it
over for 4.1.1 (or depending on when it makes it into the branch and how
the current RC voting goes, it could end up in 4.1.0)?

I wouldn't object, but I don't think we should re-spin an RC specifically for
it.

> 
> Thanks,
> Pranav
> 
> -----Original Message-----
> From: Alena Prokharchyk
> Sent: Tuesday, April 09, 2013 11:12 PM
> To: dev@cloudstack.apache.org
> Cc: Pranav Saxena
> Subject: Re: [DISCUSS] - Deletion of Users within the Admin account
> 
> Chip, 
> 
> 1) "System" user is always identified by the cloud.user DB id=1 (hardcoded in User.java
interface). This user is never exposed via API, you can't remove it - the checks are already
in place for it.
> 
> 2) For users of "admin" account, currently there is no direct way to tell if the user
was added by the system, or using API call. We can't rely on name "admin" as it's not reserved
name and renaming is also allowed.
> 
> I think for upgrade we can rely on the cloud.user db id - expect it to be "system_user_db_id
+ 1" as we know that 2 users come with the default cloudStack install.
> 
> 
> -Alena.
> 
> 
> 
> On 4/9/13 10:02 AM, "Chip Childers" <chip.childers@sungard.com> wrote:
> 
> >On Tue, Apr 09, 2013 at 09:56:37AM -0700, Alena Prokharchyk wrote:
> >> We should allow to delete any CS users except for ones that came as a 
> >>part  of cloudStack installation ("system" and "admin" users). The 
> >>users you've  created using API, should be allowed to be removed no 
> >>matter of their  types.
> >
> >+1 to this in general terms.  Not sure about requiring a change like
> >this for 4.1.0 though.
> >
> >> 
> >> The right way to distinguish between system generated users, and 
> >> users created using APIs would be introducing the flag in the cloud.users DB.
> >
> >Do you have any thoughts on how we would correctly identify these 
> >account in existing installs?
> >
> >
> 
> 
> 

Mime
View raw message