[one-users] ACL rules - vDCADMIN

Daniel Molina dmolina at opennebula.org
Fri Jun 13 02:28:21 PDT 2014


On 11 June 2014 11:27, Stefan Kooman <stefan at bit.nl> wrote:

> Would it be an (awfull) lot of work to make (a) sunstone view(s)
> dynamic based on permissions (ACLs), instead of hard coding into views?
> Advantage would be that a user/(vDC)administrator only sees
> "buttons"/"tabs"
> he/she is allowd to see/use and a change in permissions would be
> reflected automatically (i.e. re-login / clear broser cache).
>

We considered this option but the main reasons why we decided to use the
yaml files were:
  * A User can be member of more than group and you should check all the
ACL rules
  * ACL rules can apply only on a given resource, you would have to
enable/disable of the list depending on the resource
  * You can have a custom authorisation driver and bypass the acl system
  * VM actions: using acls you can not disable a given action (i.e: remove
undeploy form the GUI)

Cheers

--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20140613/523124e1/attachment.htm>


More information about the Users mailing list