stratos-dev mailing list archives

From Lasindu Charith <lasi...@wso2.com>
Subject Re: Stratos 4.1.0 User Management and Permission Model
Date Mon, 01 Sep 2014 11:37:55 GMT
Hi Reka,


On Mon, Sep 1, 2014 at 4:50 PM, Reka Thirunavukkarasu <reka@wso2.com> wrote:

> Hi Lasindu
>
>
> On Fri, Aug 29, 2014 at 2:09 PM, Lasindu Charith <lasindu@wso2.com> wrote:
>
>> Hi devs,
>>
>> I'm in the process of extending the User Management and Permission model
>> for Stratos 4.1.0.
>> (See email discussions with following subjects : Role based access and
>> functionality for Stratos & Introducing tenant isolation in
>> policy/definition creation and usage).
>>
>> As discussed above, the proposed User/tenant Management will be as
>> follows.
>>
>>    1. Mainly there are 3 users, Stratos Admin (Super Admin), Tenant
>>    Admin and the Tenant User.
>>
> Don't you need to have Super Admin users as well? So that we can give
> some role based access even to multiple super admins.
>

Yes, in the super tenant space, super tenant can have multiple
(super)tenant admins as well as (super)tenant users. This should work
similar to the way other tenant spaces work. In the initial step we are
planning to create predefined user roles in Carbon, so that at the time of
user creation, tenant admins can select the user role.

>
>
>>
>>    1. Tenant(admin) creation will be moved back to the Carbon UI and
>>    tenant user creation will be done in new Stratos UI. Tenant user will
>>    have a set of pre-defined roles to be assigned at the user creation time.
>>    2. Stratos Admin will mostly use the Carbon UI to create new tenants
>>    and will also have his own super tenant space to create new policies,
>>    definitions, users, subscribe to cartridges etc. IaaS configuration will be
>>    done by the Stratos admin.
>>    3. A tenant admin will use the new UI to configure the tenant space -
>>    this includes creation of policies, definitions and deploying them, adding
>>    tenant users and assigning them roles.
>>    4. A tenant user will use the new UI to create/deploy applications
>>    (previously referred to as subscribe) which are visible within that tenant
>>    space.
>>
>> The existing permission model needs to be extended to support tenant/user
>> level separation and
>> REST API should provide role based access. Will update the thread with
>> progress.
>>
>
> Are you introducing any permissions specific to Super/Tenant admin/users
> in stratos? So that we can assign the users to relevant roles based on the
> permissions given.
>

Yes, only Super tenant can create/delete tenants, but any tenant admin can
deploy/edit/delete policies, cartridge definitions, partitions etc. So
there are specific permissions for super admin/tenant, tenant admin and
tenant user. These will ideally be user roles in carbon user management
model.


>
>> Suggestions and thoughts are welcome ..
>>
>> Thanks,
> Reka
>
>>
>> Thanks,
>> --
>> *Lasindu Charith*
>> Software Engineer, WSO2 Inc.
>> Mobile: +94714427192
>> Web: blog.lasindu.com
>>
>
>
>
> --
> Reka Thirunavukkarasu
> Senior Software Engineer,
> WSO2, Inc.:http://wso2.com,
> Mobile: +94776442007
>
>
>

Thanks,
-- 
*Lasindu Charith*
Software Engineer, WSO2 Inc.
Mobile: +94714427192
Web: blog.lasindu.com
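
Added example, not part of the original message and not Stratos or Carbon code: a deny-by-default authorization check for the role split discussed in this thread, showing that tenant lifecycle rights depend on the role and on membership of the super tenant space together. The permission strings, role names, tenant names and the `is_allowed` function are hypothetical, and denying cross-tenant access even to super tenant admins is an assumption the thread does not settle.

```python
from dataclasses import dataclass

SUPER_TENANT = "super-tenant"  # constructed identifier for the super tenant space

# Hypothetical permission strings; the split between roles follows the thread.
TENANT_USER = frozenset({"application:deploy"})
TENANT_ADMIN = TENANT_USER | {"policy:manage", "cartridge-definition:manage",
                              "partition:manage", "user:manage"}
# Rights that are honoured only for admins of the super tenant space.
SUPER_ONLY = frozenset({"tenant:create", "tenant:delete", "iaas:configure"})

ROLE_PERMISSIONS = {"tenant-user": TENANT_USER, "tenant-admin": TENANT_ADMIN}


@dataclass(frozen=True)
class Principal:
    username: str
    tenant: str  # tenant space the user belongs to
    role: str    # predefined role chosen at user creation time


def is_allowed(principal: Principal, permission: str, target_tenant: str) -> bool:
    """Return True only if the role grants the permission in the right tenant."""
    if permission in SUPER_ONLY:
        # The admin role alone is not enough: an admin of an ordinary tenant
        # and a plain user of the super tenant are both refused.
        return (principal.role == "tenant-admin"
                and principal.tenant == SUPER_TENANT)
    # An unknown role maps to the empty set, so it is denied everything.
    granted = ROLE_PERMISSIONS.get(principal.role, frozenset())
    if permission not in granted:
        return False
    # Tenant isolation: resources are reachable only from their own tenant.
    return principal.tenant == target_tenant


if __name__ == "__main__":
    # Constructed principals and tenants for illustration.
    stratos_admin = Principal("admin", SUPER_TENANT, "tenant-admin")
    acme_admin = Principal("alice", "acme", "tenant-admin")
    acme_user = Principal("bob", "acme", "tenant-user")
    for who, perm, target in [
        (stratos_admin, "tenant:create", "globex"),
        (acme_admin, "tenant:create", "globex"),
        (acme_admin, "policy:manage", "acme"),
        (acme_admin, "policy:manage", "globex"),
        (acme_user, "policy:manage", "acme"),
    ]:
        print(who.username, perm, target, is_allowed(who, perm, target))
```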
