airavata-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus Christie (JIRA)" <>
Subject [jira] [Commented] (AIRAVATA-2773) Remove EXEC permission, use READ instead
Date Thu, 03 May 2018 16:49:00 GMT


Marcus Christie commented on AIRAVATA-2773:

I guess before removing this I should ask, do we need a separate EXEC permission for Application
Deployments? That is do we have a use case an admin wants to share an Application Deployment
with a user so that that user can run that Application Deployment but doesn't want the user
to be able to be able to "see" it?  Or vice versa, maybe an admin wants to put a user in the
"Read Only Admins" group so that the user can READ the Application Deployment but doesn't
want that user to be able to execute the Application Deployment?

This idea to have a separate EXEC permission came out of the observation that currently this
is the levels of permission in Airavata. Users with 'gateway-user' role don't can't "read"
application deployments but they can execute them. 'admin-read-only' users can also "read"
application deployments and 'admin' users can also "write" them.

There might be a similar argument for a separate permission to use a GroupResourceProfile.
A user may want to share a GroupResourceProfile with other users without allow those users
to see all of the details of the GroupResourceProfile.

If we don't have a strong use case for keeping a separate EXEC permission I'd advocate removing
it just to keep the permissions model simpler.

> Remove EXEC permission, use READ instead
> ----------------------------------------
>                 Key: AIRAVATA-2773
>                 URL:
>             Project: Airavata
>          Issue Type: Improvement
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>            Priority: Major
> It's not clear than a new EXEC permission is actually needed for application deployments
so I'll remove it for now and we'll just use READ.

This message was sent by Atlassian JIRA

View raw message