Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CC31210333 for ; Fri, 31 Jan 2014 11:47:47 +0000 (UTC) Received: (qmail 10576 invoked by uid 500); 31 Jan 2014 11:47:45 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 10543 invoked by uid 500); 31 Jan 2014 11:47:43 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 10534 invoked by uid 99); 31 Jan 2014 11:47:41 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Jan 2014 11:47:41 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of alex.hitchins@shapeblue.com designates 213.199.154.11 as permitted sender) Received: from [213.199.154.11] (HELO emea01-am1-obe.outbound.protection.outlook.com) (213.199.154.11) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Jan 2014 11:47:35 +0000 Received: from DB3PR07MB028.eurprd07.prod.outlook.com (10.242.137.156) by DB3PR07MB027.eurprd07.prod.outlook.com (10.242.137.147) with Microsoft SMTP Server (TLS) id 15.0.868.8; Fri, 31 Jan 2014 11:47:12 +0000 Received: from DB3PR07MB028.eurprd07.prod.outlook.com ([169.254.1.169]) by DB3PR07MB028.eurprd07.prod.outlook.com ([169.254.1.169]) with mapi id 15.00.0868.013; Fri, 31 Jan 2014 11:47:12 +0000 From: Alex Hitchins To: "dev@cloudstack.apache.org" Subject: RE: [DISCUSS] api level access controll Thread-Topic: [DISCUSS] api level access controll Thread-Index: AQHPHnPWRrrmKQvGKkabUg4vMxdWhJqerfgAgAAI2tA= Date: Fri, 31 Jan 2014 11:47:11 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [86.149.248.183] x-forefront-prvs: 0108A997B2 x-forefront-antispam-report: SFV:NSPM;SFS:(10009001)(6009001)(199002)(189002)(51704005)(13464003)(24454002)(13734003)(377454003)(69226001)(81686001)(561944002)(2656002)(76786001)(87266001)(74706001)(81816001)(33646001)(94946001)(19580395003)(87936001)(80976001)(76576001)(77096001)(85806002)(76796001)(83322001)(85306002)(86362001)(19580405001)(74876001)(79102001)(47446002)(92566001)(74502001)(74662001)(31966008)(77982001)(81342001)(56816005)(90146001)(46102001)(53806001)(56776001)(54316002)(76482001)(47976001)(50986001)(54356001)(51856001)(4396001)(59766001)(93136001)(93516002)(94316002)(80022001)(65816001)(47736001)(81542001)(15395725003)(66066001)(63696002)(83072002)(49866001)(85852003)(74316001)(74366001)(24736002);DIR:OUT;SFP:1101;SCL:1;SRVR:DB3PR07MB027;H:DB3PR07MB028.eurprd07.prod.outlook.com;CLIP:86.149.248.183;FPR:EEACF1ED.93F65EE2.FF611D73.44D5484D.203CA;InfoNoRecordsA:1;MX:1;LANG:en; Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: shapeblue.com X-Virus-Checked: Checked by ClamAV on apache.org Agreed - I believe the IAM proposal that went out recently may have covered= this topic a little too. Is it something to bake into the API layer or better/cleaner to build some = proxy layer that handles permissions? Alex Hitchins +44 7788 423 969 -----Original Message----- From: Erik Weber [mailto:terbolous@gmail.com] Sent: 31 January 2014 11:13 To: dev@cloudstack.apache.org Subject: Re: [DISCUSS] api level access controll On Fri, Jan 31, 2014 at 12:00 PM, Daan Hoogland wr= ote: > H, > > I git a question of an operator ad Schuberg Philis to crete a set of > api keys and to have control over excatly what api calls are allowed > for this set of keys. Does anybody else recognise this use case? > already hacked it in? have an idea how to do it? has a reason why not > to do it? > > Having more flexibility with access control is something that I and the com= pany I work for appreciate. I can also see several use cases for this, monitoring user that should only= be able to list stuff (but all stuff) et cetera. -- Erik Weber Need Enterprise Grade Support for Apache CloudStack? Our CloudStack Infrastructure Support offers the best 24/7 SLA for CloudStack Environments. Apache CloudStack Bootcamp training courses **NEW!** CloudStack 4.2.1 training 18th-19th February 2014, Brazil. Classroom 17th-23rd March 2014, Region A. Instructor led, On-line 24th-28th March 2014, Region B. Instructor led, On-line 16th-20th June 2014, Region A. Instructor led, On-line 23rd-27th June 2014, Region B. Instructor led, On-line This email and any attachments to it may be confidential and are intended s= olely for the use of the individual to whom it is addressed. Any views or o= pinions expressed are solely those of the author and do not necessarily rep= resent those of Shape Blue Ltd or related companies. If you are not the int= ended recipient of this email, you must neither take any action based upon = its contents, nor copy or show it to anyone. Please contact the sender if y= ou believe you have received this email in error. Shape Blue Ltd is a compa= ny incorporated in England & Wales. ShapeBlue Services India LLP is a compa= ny incorporated in India and is operated under license from Shape Blue Ltd.= Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and= is operated under license from Shape Blue Ltd. ShapeBlue is a registered t= rademark.