incubator-cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nitin Mehta <Nitin.Me...@citrix.com>
Subject RE: Template access control, just "food to think"
Date Sat, 12 May 2012 07:07:01 GMT
Hi Dan,
I agree with your suggestion. There is already an enhancement request filed for this kind
of requirement. Please refer to http://bugs.cloudstack.org/browse/CS-6398 
I would encourage you to vote for this. In case you want to add something to it please do
so.

On a side note in the existing software you can use updateTemplatePermissions API to give
template launch permissions to a set of accounts. Why don't you give it a try and see if it
suits your use case.

Thanks,
-Nitin

-----Original Message-----
From: dan@soleks.com [mailto:dan@soleks.com] 
Sent: Saturday, May 12, 2012 12:03 PM
To: cloudstack-users@incubator.apache.org
Subject: Template access control, just "food to think"

Hi All,
Just "food to think" about access control to templates in the CloudStack. Couple words about
system i'm working on. It's 3-components mail environment - SMTP, POP/IMAP, Webmail. So in
general i need three type of templates to build entire system. Templates need to be isolated,
because there is some authentication information that can't go public, so make them public
(in the public zone) is not very bright idea. Making them private will block an access to
them for other users in the same domain. As workaround It's possible to create private zone,
but it's not an option for small installations (10-20 hosts). Also it's possible to create
several users under domain - say user-smtp, user-imap, user-webmail and create templates under
them, but seems like that approach is too "artificial". Ideal solution for that problem would
be public template with-in domain. That template should-not be visible for other domains,
so domain will be level of isolation. Private templates will be like they now - only owner
has to them. 
What is the community opinion about it.

Dan/borei


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Mime
View raw message