cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8562) User Definable Roles
Date Wed, 27 Apr 2016 08:23:13 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15259762#comment-15259762
] 

ASF GitHub Bot commented on CLOUDSTACK-8562:
--------------------------------------------

Github user koushik-das commented on the pull request:

    https://github.com/apache/cloudstack/pull/1489#issuecomment-215008749
  
    >>That is to say that the API permissions on a fresh install before and after this
is merged should behave the same out of the box. If that's the case then I don't think users
will feel forced into anything or even notice that something was changed, and if someone really
does care, it sounds simple enough to enable commands.properties.
    
    @mlsorensen @jburwell Unless users try it out how will they verify that the behaviour
is same out of box before and after. I know testing have been done but is it good enough to
say that things are consistent before and after. Note that there is data migration happening
from commands.properties to DB. I know that commands.properties has it limitations but that
doesn't mean it needs to be removed immediately. Let the new feature be there for atleast
a couple of releases so that it can be tried out and   stabilized before deprecating the old
one. If the concern is about the file getting changed then that can be easily prevented (same
is done for the old db schema files as well). All I am saying is if the file needs to be removed
do it after a few releases by following the proper deprecation process.
    
    >>Second, command.properties does not permit the definition of new roles. Limiting
users to 4 roles in a modern cloud environment is a barrier to CloudStack adoption.
    
    @jburwell Correct me if I am wrong but based on what I have seen in the code even after
this feature there will still be 4 roles. I think what this feature allows is creating some
grouping of permissions and assigning them a name. I can create a role with name "Operator"
having say API1 and API2, someone else can create a role with same name but with API3 and
API4. The same can be implemented as an independent plugin outside of cloudstack as well.



> User Definable Roles
> --------------------
>
>                 Key: CLOUDSTACK-8562
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8562
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>            Reporter: Paul Angus
>            Assignee: Rohit Yadav
>
> Static command.properties moved to database and made user definable



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message