...

Thus the following will happen if the above regular user 'domainUserA' calls this command:

  • API access check:
  1. The API layer will call the APICheckers to see if the user is allowed to invoke this API.
    1. PolicyBasedAccessChecker::checkAccess(user, apiName) will check the following:
      • Find all groups the user belongs to: groupIDs = 1
      • Find all 'Effective' policies the groups are associated with: policies = 1, 6
      • If any policy 'Allows' the startVirtualMachine API, grant permission to make this call: Policy Id 6 and Permission Id 3 allow the API to be invoked for this user.
  • Entity access check:
  1. The @ACL annotation invokes the SecurityChecker implementation.
    1. PolicyBasedAccessChecker::checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action) is invoked for the given user account and VM Id for action 'startVirtualMachine'.
    2. The PolicyBasedAccessChecker allows the 'startVirtualMachine' access to this VM Id if any of the account's policies allows it for this VM.
      • In this case, since this is a regular user, if the user is the owner of the VM, then he is granted access.
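
The two checks above, sketched as an added example (not CloudStack's own code). The class, the `Scope` enum, the account and VM ids, and the contents of policy 1 are hypothetical or constructed; only group 1, policies 1 and 6, and Policy 6 / Permission 3 allowing startVirtualMachine come from the walkthrough.

```java
import java.util.*;

// Simplified stand-ins for the IAM model; not the project's classes.
public class IamCheckDemo {
    enum Scope { ACCOUNT, ALL } // hypothetical: ACCOUNT = only entities the caller owns
    record Permission(long id, String action, boolean allow, Scope scope) {}
    record Policy(long id, List<Permission> permissions) {}
    record Vm(long id, long ownerAccountId) {}

    // Constructed sample data: account 100 (domainUserA) -> group 1 -> policies 1 and 6.
    static final Map<Long, List<Long>> USER_GROUPS = Map.of(100L, List.of(1L));
    static final Map<Long, List<Long>> GROUP_POLICIES = Map.of(1L, List.of(1L, 6L));
    static final Map<Long, Policy> POLICIES = Map.of(
        1L, new Policy(1, List.of(new Permission(1, "listVirtualMachines", true, Scope.ACCOUNT))),
        6L, new Policy(6, List.of(new Permission(3, "startVirtualMachine", true, Scope.ACCOUNT))));

    // Resolve account -> groups -> effective policies -> 'Allow' permissions for one action.
    static List<Permission> allowing(long accountId, String action) {
        List<Permission> out = new ArrayList<>();
        for (long g : USER_GROUPS.getOrDefault(accountId, List.of()))
            for (long p : GROUP_POLICIES.getOrDefault(g, List.of()))
                for (Permission perm : POLICIES.get(p).permissions())
                    if (perm.allow() && perm.action().equals(action)) out.add(perm);
        return out;
    }

    // Stage 1, API access check: may this account invoke the API at all?
    static boolean checkApiAccess(long accountId, String apiName) {
        return !allowing(accountId, apiName).isEmpty();
    }

    // Stage 2, entity access check: does an allowing permission cover this VM?
    static boolean checkEntityAccess(long accountId, Vm vm, String action) {
        for (Permission perm : allowing(accountId, action))
            if (perm.scope() == Scope.ALL || vm.ownerAccountId() == accountId) return true;
        return false; // default deny when no policy covers the entity
    }

    public static void main(String[] args) {
        long domainUserA = 100L;
        Vm own = new Vm(10, 100L), other = new Vm(11, 200L);
        System.out.println("API allowed: " + checkApiAccess(domainUserA, "startVirtualMachine"));
        System.out.println("own VM: " + checkEntityAccess(domainUserA, own, "startVirtualMachine"));
        System.out.println("other VM: " + checkEntityAccess(domainUserA, other, "startVirtualMachine"));
        System.out.println("ungranted API: " + checkApiAccess(domainUserA, "destroyVirtualMachine"));
    }
}
```

Passing the API check alone does not authorize the call: the request for the VM owned by another account clears stage 1 and is denied at stage 2.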