Uploaded image for project: 'HAL'
  1. HAL
  2. HAL-258 Access Control API V3
  3. HAL-290

Multiple scoped roles on topology presenter

    Details

    • Type: Sub-task
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2.2.0
    • Component/s: Access Control
    • Labels:
      None

      Description

      Currently the topoogy presenter is using the following @AccessControl annotation:

      @AccessControl(resources = {
          "/server-group={addressable.group}",
          "/{selected.host}/server-config=*"
          }, recursive = false)
      

      This has a number of drawbacks:

      • When the user is assigned to several server-group scoped roles (all of them addressable), only the first addressable group is taken into account when the security context is created.
      • The wildcard for server-config does not result in exact operation permissions for the distinct servers.

      To address these issues, the topology presenter should create a security context using the resources from the current topology. Thus the presenter would first read the topology and then use this information to create a security context with addresses for the server-groups, hosts and servers.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  harald.pehl Harald Pehl
                  Reporter:
                  harald.pehl Harald Pehl
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: