stratos-dev mailing list archives

From Lasindu Charith <lasi...@wso2.com>
Subject Re: Stratos 4.1.0 User Management and Permission Model
Date Mon, 15 Sep 2014 05:14:34 GMT
Hi all,

The changes are committed in docker_integration branch
https://github.com/apache/stratos/commit/29bf5f164ea6b77a34b876406cc2d3da95231109

*Created JIRAs*
https://issues.apache.org/jira/browse/STRATOS-799
https://issues.apache.org/jira/browse/STRATOS-800
https://issues.apache.org/jira/browse/STRATOS-801

Wrote a blog post covering the changes.
http://blog.lasindu.com/2014/09/apache-stratos-410-user-management-and.html


On Sun, Sep 7, 2014 at 3:56 PM, Lasindu Charith <lasindu@wso2.com> wrote:

> Attached the permission model for Tenant User.
>
>
> On Sun, Sep 7, 2014 at 3:55 PM, Lasindu Charith <lasindu@wso2.com> wrote:
>
>> Hi all,
>>
>> Please find the progress below.
>>
>> Carbon User Management feature was installed in p2-profile gen since we
>> are including user management functionality in Stratos 4.1.0. A user role
>> called 'Tenant-User' will be created with the following permissions. Tenant
>> user can view Autoscaling policies, Cartridge definitions, deployment
>> policies, partition definitions, service definitions, subscriptions in the
>> tenant space while only having the ability to add/remove subscriptions.
>>
>>
>> [image: Inline image 1]
>>
>> stratos.manager, cloud.controller and autoscaler component
>> services/component.xmls were modified to include relevant permissions
>> and AuthorizationActions to call particular service methods. The
>> StratosAdmin REST API methods' @AuthorizationAction was changed to
>> facilitate the above permission model.
>>
>> In the current implementation the stratos UI permissions and REST API
>> permissions are handled separately. UI permissions are predefined for
>> Stratos Admin and Tenant admin separately in the acl.json file. The whole
>> UI permission model needs to be changed to use carbon user management and
>> permissions using Jaggery, which I will be looking into next. Will be
>> including couple of REST API methods to create/delete/modify tenant users
>> and roles.
>>
>> WIP :
>> https://github.com/lasinducharith/stratos/commit/0f018ffb6d9ac33f67d568d7ff3d9688e8f45a43
>>
>> Thanks,
>>
>>
>> On Mon, Sep 1, 2014 at 5:07 PM, Lasindu Charith <lasindu@wso2.com> wrote:
>>
>>> Hi Reka,
>>>
>>>
>>> On Mon, Sep 1, 2014 at 4:50 PM, Reka Thirunavukkarasu <reka@wso2.com>
>>> wrote:
>>>
>>>> Hi Lasindu
>>>>
>>>>
>>>> On Fri, Aug 29, 2014 at 2:09 PM, Lasindu Charith <lasindu@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi devs,
>>>>>
>>>>> I'm in the process of extending the User Management and Permission
>>>>> model for Stratos 4.1.0.
>>>>> (See email discussions with following subjects : Role based access
>>>>> and functionality for Stratos & Introducing tenant isolation in
>>>>> policy/definition creation and usage).
>>>>>
>>>>> As discussed above, the proposed User/tenant Management will be as
>>>>> following.
>>>>>
>>>>>    1. Mainly there are 3 users, Stratos Admin (Super Admin), Tenant
>>>>>    Admin and the Tenant User.
>>>>>
>>>> Don't you need to have Super Admin users as well? So that we can give
>>>> some role based access even to Multiple super admins.
>>>>
>>>
>>> Yes, in the super tenant space, super tenant can have multiple
>>> (super)tenant admins as well as (super)tenant users. This should work
>>> similar to the way other tenant spaces work. In the initial step we are
>>> planning to create pre defined user roles in Carbon, so that at the time of
>>> user creation, tenant admins can select the user role.
>>>
>>>>
>>>>
>>>>>
>>>>>    1. Tenant(admin) creation will be moved back to the Carbon UI and
>>>>>    tenant user creation will be done in new Stratos UI. Tenant user
>>>>>    will have a set of pre-defined roles to be assigned at the user creation
>>>>>    time.
>>>>>    2. Stratos Admin will mostly use the Carbon UI to create new
>>>>>    tenants and will also have his own super tenant space to create new
>>>>>    policies, definitions, users, subscribe to cartridges etc. IaaS
>>>>>    configuration will be done by the Stratos admin.
>>>>>    3. A tenant admin will use the new UI to configure the tenant
>>>>>    space - this includes creation of policies, definitions and deploying
>>>>>    them, adding tenant users and assigning them roles.
>>>>>    4. A tenant user will use the new UI to create/deploy
>>>>>    applications (previously referred to as subscribe) which are visible
>>>>>    within that tenant space.
>>>>>
>>>>> The existing permission model needs to be extended to support
>>>>> tenant/user level separation and
>>>>> REST API should provide role based access. Will update the thread with
>>>>> progress.
>>>>>
>>>>
>>>> Are you introducing any permissions specific to Super/Tenant
>>>> admin/users in stratos? So that we can assign the users to relevant roles
>>>> based on the permissions given.
>>>>
>>>
>>> Yes, only Super tenant can create/delete tenants, but any tenant admin
>>> can deploy/edit/delete policies, cartridge definitions, partitions etc. So
>>> there are specific permissions for super admin/tenant, tenant admin and
>>> tenant user. These will ideally be user roles in carbon user management
>>> model.
>>>
>>>
>>>>
>>>>> Suggestions and thoughts are welcome ..
>>>>>
>>>> Thanks,
>>>> Reka
>>>>
>>>>>
>>>>> Thanks,
>>>>> --
>>>>> *Lasindu Charith*
>>>>> Software Engineer, WSO2 Inc.
>>>>> Mobile: +94714427192
>>>>> Web: blog.lasindu.com
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Reka Thirunavukkarasu
>>>> Senior Software Engineer,
>>>> WSO2, Inc.:http://wso2.com,
>>>> Mobile: +94776442007
>>>>
>>>>
>>>>
>>>
>>> Thanks,
>>> --
>>> *Lasindu Charith*
>>> Software Engineer, WSO2 Inc.
>>> Mobile: +94714427192
>>> Web: blog.lasindu.com
>>>
>>
>>
>>
>> --
>> *Lasindu Charith*
>> Software Engineer, WSO2 Inc.
>> Mobile: +94714427192
>> Web: blog.lasindu.com
>>
>
>
>
> --
> *Lasindu Charith*
> Software Engineer, WSO2 Inc.
> Mobile: +94714427192
> Web: blog.lasindu.com
>



-- 
*Lasindu Charith*
Software Engineer, WSO2 Inc.
Mobile: +94714427192
Web: blog.lasindu.com
