Uploaded image for project: 'HAL'
  1. HAL
  2. HAL-258 Access Control API V3
  3. HAL-290

Multiple scoped roles on topology presenter

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Major Major
    • 2.2.0
    • None
    • Access Control
    • None

      Currently the topoogy presenter is using the following @AccessControl annotation: 

      @AccessControl(resources = {
    "/server-group={addressable.group}",
    "/{selected.host}/server-config=*"
    }, recursive = false)

      This has a number of drawbacks:

      • When the user is assigned to several server-group scoped roles (all of them addressable), only the first addressable group is taken into account when the security context is created.
      • The wildcard for server-config does not result in exact operation permissions for the distinct servers.

      To address these issues, the topology presenter should create a security context using the resources from the current topology. Thus the presenter would first read the topology and then use this information to create a security context with addresses for the server-groups, hosts and servers.

              hpehl@redhat.com Harald Pehl
              hpehl@redhat.com Harald Pehl
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: