...

This policy should allow all API operations on all types of resources for all domains and accounts. We can represent this policy in the DB schema as follows:

account

| id | account_name | uuid | domain_id |
|----|--------------|------|-----------|
| 2 | admin | 1c5afd64-482b-11e3-86f3-8118f47f9f9f | 1 |
| 3 | domainAdmin | 929d172c-b95e-4b86-9474-9789072c9bdb | 2 |
| 4 | domainUserA | f96ddb47-d3c0-4360-a9cd-613d631c8333 | 2 |

acl_group

| id | name | description | uuid | domain_id | removed | created |
|----|------|-------------|------|-----------|---------|---------|
| 1 | NORMAL | Domain user group | d283d4f0-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 |
| 2 | ADMIN | Root admin group | d283de28-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 |
| 3 | DOMAIN_ADMIN | Domain admin group | d283e6e8-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 |

acl_policy

| id | name | description | uuid | domain_id | removed | created | role_type |
|----|------|-------------|------|-----------|---------|---------|-----------|
| 1 | NORMAL | Domain user role | d2838dce-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 | Static |
| 2 | ADMIN | Root admin role | d2839c56-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 | Static |
| 3 | DOMAIN_ADMIN | Domain admin role | d283a7f0-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 | Static |
| 4 | RESOURCE_DOMAIN_ADMIN | Resource domain admin role | d283b574-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 | Static |
| 5 | READ_ONLY_ADMIN | Read only admin role | d283beac-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 | Static |
| 6 | RESOURCE_OWNER | Resource owner role | d283c794-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 | Dynamic |

Access Check Flow

Let's consider the StartVM API being called by a user, and run through the access control use cases for the various out-of-the-box policies.