cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Min Chen <>
Subject Re: [DISCUSS] Major business logic refactoring: Move from Account to UserAccount
Date Fri, 14 Nov 2014 18:19:48 GMT

	I think that the historic reason for this is that CloudStack is only
doing IAM access permission check on account level, user is only login
authentication purpose. That is why we will see that all our CloudStack
resource owner field is an account, since that is the only information
used for controlling whether you have some permissions to the resource.

On 11/14/14 12:53 AM, "Rohit Yadav" <> wrote:

>All CloudStack DB entities (VM, storage, network etc.) have an owner
>field which is mostly the account. An account can have multiple users so
>just by looking at the resource (say VM) it¹s not possible to make out
>which user in the account (owner or account_id field in the db row of the
>entity) created it. CloudStack users may want to know this information
>for at least entities such as VMs and Volumes.
>Historically, why is the account owner of an entity and not a user? If
>user were the owner, we could easily get the account Id using the user Id.
>One solution to fix this problem is to refactor and replace Account
>(interface) usage with UserAccount (interface) usage, fix the DAO and
>resource layer, and add columns in the schema. This gets us all the
>information we need to determine domainId, AccountId and Id (the user
>ID). Should we do it for all entities or just keep status quo (use
>account as owners), or just fix it on-demand basis for specific entities
>such as for user VMs [1].
>Rohit Yadav
>Software Architect, ShapeBlue
>M. +91 88 262 30892 |
>Blog: | Twitter: @_bhaisaab
>Find out more about ShapeBlue and our range of CloudStack related services
>IaaS Cloud Design &
>CSForge ­ rapid IaaS deployment framework<>
>CloudStack Consulting<>
>CloudStack Software
>CloudStack Infrastructure
>CloudStack Bootcamp Training
>This email and any attachments to it may be confidential and are intended
>solely for the use of the individual to whom it is addressed. Any views
>or opinions expressed are solely those of the author and do not
>necessarily represent those of Shape Blue Ltd or related companies. If
>you are not the intended recipient of this email, you must neither take
>any action based upon its contents, nor copy or show it to anyone. Please
>contact the sender if you believe you have received this email in error.
>Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>Services India LLP is a company incorporated in India and is operated
>under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is
>a company incorporated in Brasil and is operated under license from Shape
>Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of
>South Africa and is traded under license from Shape Blue Ltd. ShapeBlue
>is a registered trademark.

View raw message