cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daan Hoogland (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-5920) CloudStack IAM Plugin feature
Date Tue, 27 May 2014 15:02:02 GMT


Daan Hoogland commented on CLOUDSTACK-5920:

As announced by Min, this will not make it in 4.4. Changing fix-version to 4.5 for now (should
be 5.0)

> CloudStack IAM Plugin feature
> -----------------------------
>                 Key: CLOUDSTACK-5920
>                 URL:
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API, Management Server
>    Affects Versions: 4.3.0
>            Reporter: Prachi Damle
>            Assignee: Prachi Damle
>             Fix For: 4.5.0
> Currently CloudStack provides very limited IAM services and there are several drawbacks
within those services:
> -  Offers few roles out of the box (user and admin) with prebaked access control for
these roles. There is no way to create additional roles with customized permissions.
> -  Some resources have access control baked into them. E.g., shared networks, projects
> -  We have to create special dedicate APIs to grant permissions to resources.
> - Also it should be based on a plugin model to be possible to integrate with other RBAC
implementations say using AD/LDAP in future 
> Goal for this feature would be to address these limitations and offer true IAM services
in a phased manner.
> As a first phase, we need to separate out the current access control into a separate
component and create a standard access check mechanism to be used by the API layer. Also the
read/listing APIs need to be refactored accordingly to consider the role based access granting.

This message was sent by Atlassian JIRA

View raw message