openwhisk-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dominic Kim <style9...@gmail.com>
Subject Fine-grained permission
Date Thu, 04 Jul 2019 06:24:40 GMT
Recently I discussed this:
https://github.com/apache/incubator-openwhisk/pull/4058 with my colleagues.
That PR is to add a feature to protect actions from deletion by mistake.
That is a good suggestion and I think we can also include more generalized
way to handle the issue.

For example, what we can expect about permission are as follows.

1. Action protection.
2. Hide codes from the shared package.

I am a bit faint but IIRC, Rodric suggested linux-like permission
management.

Regarding number 1, we can achieve it with the permission, "Read / not
Write / Execute".
And with regared to number 2, we can also achieve it with the permission,
"not Read / not Write (this is the default of shared package action) /
Execute".

If we apply linux-like permission to these cases, we can have two different
permission flags, one for owners, the other for users of shared packages.
Then actions can have permission information such as "71" or "51".
So "71" would mean the owner of an action can do "read/write/execute" it
but the one who uses the shared action would be able to do "not read/not
write/execute".
"51" would mean the owner can do "read/not write/execute".

There might be more cases, but I believe we can deal with them in the same
way.
Any feedback or idea on this would be appreciated.

Thanks
Best regards,
Dominic

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message