cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Will Chan <>
Subject RE: Construct / change role permissions
Date Fri, 15 Jun 2012 16:31:52 GMT
You are correct that Cloudstack has created essentially three static roles today.  The most
you can do today is to allow/disallow API commands to each role via the

It has been something that has been requested many times before, however, most production
systems that go live on CloudStack typically are fronted by some type of "portal."  These
portals are the ones that decide permissions for each user type.  Essentially, it's the user
role that require a bit more flexibility as the other two roles are pretty standard.

I do know that Citrix is working on contributing back some refactoring work on the domain
and user ACL checklist so you might want to wait for that first.


> -----Original Message-----
> From: Olga Smola []
> Sent: Friday, June 15, 2012 1:02 AM
> To:; cloudstack-
> Subject: Construct / change role permissions
> Hi,
> I would like to discuss CloudStack roles capabilities. As far as I understand, there
> are 3 distinct roles and there is no possibility to change any role permissions.
> Sometimes it's not so comfortable for situation when it is needed to allow some
> action from one role to another one. For example, if you would like to allow
> USER new action "Add account", you can't. Because there is no API command
> for USER. What about new roles?
> Have you got any ideas how to extend the CloudStack mechanism of roles
> creation? It will be more convenient if there is something that allow to create
> custom roles with needed permissions. For example, give basic role ADMIN or
> USER and then create new role based on it, change permissions(remove, add).
> Something like Role's constructor.
> Also I would like to know if somebody else needs similar extension?
> Fill free to write any ideas.
> Thanks a lot,
> Olga

View raw message