cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-8562) User Definable Roles
Date Tue, 26 Apr 2016 11:21:12 GMT


ASF GitHub Bot commented on CLOUDSTACK-8562:

Github user koushik-das commented on the pull request:
    >>Consider this an admin creates a read-only admin role and accounts with that (such
users can only do list* calls), now if they go back to static-checker all such users now become
default root admin (based on account type, translation) and can call all APIs defined in
-- this is a significant security risk. Therefore, I personally don't want to put users at
risk and just discourage them using the static checker.
    @rhtyd This is what I would ideally like to see. If the user doesn't want the dynamic
roles for whatever reason he shouldn't be forced to use it. There should be a one time choice
given to users if they want to use dynamic roles. If user decides to go ahead with it, do
the data migration and there shouldn't be an option to come back to static checker (for the
reasons you have rightly mentioned). But if user wants to continue with static checker, it
should continue to work on the basis of
    The current way you have implemented it using global config is confusing. Especially when
you say that simply disabling the flag won't fall back to the static checker automatically
and additional stuff needs to be done to make it work.
    Let me know what you think?

> User Definable Roles
> --------------------
>                 Key: CLOUDSTACK-8562
>                 URL:
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>            Reporter: Paul Angus
>            Assignee: Rohit Yadav
> Static moved to database and made user definable

This message was sent by Atlassian JIRA

View raw message