stratos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reka Thirunavukkarasu <>
Subject Re: Stratos 4.1.0 User Management and Permission Model
Date Mon, 01 Sep 2014 11:20:46 GMT
Hi Lasindu

On Fri, Aug 29, 2014 at 2:09 PM, Lasindu Charith <> wrote:

> Hi devs,
> I'm in the process of extending the User Management and Permission model
> for Stratos 4.1.0.
> (See email discussions with following subjects : Role based access and
> functionality for Stratos & Introducing tenant isolation in
> policy/definition creation and usage).
> As discussed above, the proposed User/tenant Management will be as
> following.
>    1. Mainly there are 3 users, Stratos Admin (Super Admin), Tenant Admin
>    and the Tenant User.
> Don't you need to have Super Admin users as well? So that we can give some
role based access even to Multiple super admins.

>    1. Tenant(admin) creation will be moved back to the Carbon UI and
>    tenant user creation will be done in new Stratos UI. Tenant user will
>    have a set of pre-defined roles to be assigned at the user creation time.
>    2. Stratos Admin will mostly use the Carbon UI to create new tenants
>    and will also have his own super tenant space to create new policies,
>    definitions, users, subscribe to cartridges etc. IaaS configuration will be
>    done by the Stratos admin.
>    3. A tenant admin will use the new UI to configure the tenant space -
>    this includes creation of policies, definitions and deploying them, adding
>    tenant users and assigning them roles.
>    4. A tenant user will use the  new UI to create/deploy applications
>    (previously referred to as subscribe) which are visible within that tenant
>    space.
> The existing permission model needs to be extended to support tenant/user
> level separation and
> REST API should provide role based access. Will update the thread with
> progress.

Are you introducing any permissions specific to Super/Tenant admin/users in
stratos? So that we can assign the users to relevant roles based on the
permissions given.

> Suggestions and thoughts are welcome ..
> Thanks,

> Thanks,
> --
> *Lasindu Charith*
> Software Engineer, WSO2 Inc.
> Mobile: +94714427192
> Web:

Reka Thirunavukkarasu
Senior Software Engineer,
WSO2, Inc.:,
Mobile: +94776442007

View raw message