Return-Path: X-Original-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B3A94CE84 for ; Sun, 13 May 2012 06:24:41 +0000 (UTC) Received: (qmail 49402 invoked by uid 500); 13 May 2012 06:24:20 -0000 Delivered-To: apmail-incubator-cloudstack-users-archive@incubator.apache.org Received: (qmail 47849 invoked by uid 500); 13 May 2012 06:24:15 -0000 Mailing-List: contact cloudstack-users-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-users@incubator.apache.org Delivered-To: mailing list cloudstack-users@incubator.apache.org Received: (qmail 40755 invoked by uid 99); 13 May 2012 06:18:32 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 13 May 2012 06:18:32 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of dan@soleks.com designates 199.175.126.195 as permitted sender) Received: from [199.175.126.195] (HELO mail-smtp00.soleks.net) (199.175.126.195) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 13 May 2012 06:18:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=soleks.com; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version:In-Reply-To:References:Subject:Cc:To:From:Date:Message-ID; bh=//oSaWDIOd7Vpm+H/rufnwNrGSMNOP0OGacwUDhKXK0=; b=IOCqS41laO09eAXg/bZA25t3n+2uD7CWWZraPP4dkwGqPUWZN3okj5CQtpOsiL/BEq5ZSGWB479++n2TK43kD2B1h1mIVcEX0evf0+j+Fn/Pm4WJaSlpBAVvfV9iEIXo; Received: from localhost ([127.0.0.1]) by mail-smtp00.soleks.net with smtp (Exim 4.74) (envelope-from ) id 1STSxj-0002Vp-Lj for cloudstack-users@incubator.apache.org; Sun, 13 May 2012 00:11:27 -0700 Received: from mail-webmail00.soleks.net ([192.168.230.224] helo=webmail.soleks.net) by mail-smtp00.soleks.net with esmtpa (Exim 4.74) (envelope-from ) id 1STSxd-0002Vg-GL; Sun, 13 May 2012 00:11:25 -0700 Received: from S010678cd8e7ac150.vf.shawcable.net (S010678cd8e7ac150.vf.shawcable.net [50.64.48.204]) by webmail.soleks.com (Horde Framework) with HTTP; Sun, 13 May 2012 00:00:47 -0700 Message-ID: <20120513000047.26287j1w2x0q6i8s@webmail.soleks.com> Date: Sun, 13 May 2012 00:00:47 -0700 From: dan@soleks.com To: cloudstack-users@incubator.apache.org, Nitin Mehta Cc: "cloudstack-users@incubator.apache.org" Subject: RE: Template access control, just "food to think" References: <20120511233328.57315i4lemyfmjs4@webmail.soleks.com> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_e8fb9gey4w" Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.3.9) X-GMS-IP-Reputation: 0 X-GMS-DCC-Result: A X-GMS-SpamScanned: a56942db3257d098ebd70c512fb4929b X-DSPAM-Result: Whitelisted X-DSPAM-Processed: Sun May 13 00:11:27 2012 X-DSPAM-Confidence: 0.9899 X-DSPAM-Probability: 0.0000 X-DSPAM-Signature: 368,4faf5e9f164441863092900 X-DSPAM-Factors: 27, Program+This+message+was, 0.01000, Program+This+message+was, 0.01000, but, 0.01000, but, 0.01000, message+is+#+MIME, 0.01000, That, 0.01000, That, 0.01000, borei+This+message+was+sent, 0.01000, borei+This+message+was+sent, 0.01000, private, 0.01000, private, 0.01000, it+#+you, 0.01000, it+#+you, 0.01000, apache+#+Subject, 0.01000, apache+#+Subject, 0.01000, Subject*RE, 0.01000, com+#+#+soleks+com, 0.01000, com+#+#+soleks+com, 0.01000, an, 0.01000, an, 0.01000, To+cloudstack+#+incubator+apache, 0.01000, To+cloudstack+#+incubator+apache, 0.01000, 10, 0.01000, 10, 0.01000, org, 0.01000, org, 0.01000, soleks+#+mailto+dan+soleks, 0.01000 X-GMS-SpamScore: 0 X-Virus-Checked: Checked by ClamAV on apache.org --=_e8fb9gey4w Content-Type: text/plain; charset=ISO-8859-1 Content-Description: Plaintext Version of Message Content-Disposition: inline Content-Transfer-Encoding: 7bit Hi Nitin, Thanks for suggestion about updateTemplatePermissions, i did try and it didn't work, and honestly saying i don't understand why it should work. CS doesn't do domain based template isolation. However based on the API docs there should be privileged type template, but i don't see how to use it. If you could point me to example it would be great. Dan/borei. > Hi Dan, > I agree with your suggestion. There is already an enhancement request > filed for this kind of requirement. Please refer to > http://bugs.cloudstack.org/browse/CS-6398 > I would encourage you to vote for this. In case you want to add > something to it please do so. > > On a side note in the existing software you can use > updateTemplatePermissions API to give template launch permissions to > a set of accounts. Why don't you give it a try and see if it suits > your use case. > > Thanks, > -Nitin > > -----Original Message----- > From: dan@soleks.com [mailto:dan@soleks.com] > Sent: Saturday, May 12, 2012 12:03 PM > To: cloudstack-users@incubator.apache.org > Subject: Template access control, just "food to think" > > Hi All, > Just "food to think" about access control to templates in the > CloudStack. Couple words about system i'm working on. It's > 3-components mail environment - SMTP, POP/IMAP, Webmail. So in > general i need three type of templates to build entire system. > Templates need to be isolated, because there is some authentication > information that can't go public, so make them public (in the public > zone) is not very bright idea. Making them private will block an > access to them for other users in the same domain. As workaround It's > possible to create private zone, but it's not an option for small > installations (10-20 hosts). Also it's possible to create several > users under domain - say user-smtp, user-imap, user-webmail and > create templates under them, but seems like that approach is too > "artificial". Ideal solution for that problem would be public > template with-in domain. That template should-not be visible for > other domains, so domain will be level of isolation. Private > templates will be like they now - only owner has to them. > What is the community opinion about it. > > Dan/borei > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. --=_e8fb9gey4w--