...
Code Block |
---|
Example: DeployVMCmd: This is a create API: Add @ACL(accessType = AccessType.UseEntry access for all entities like template, network Start/Stop/Reboot/Destroy/AttachXXXTOVM: These are the update/delete APIs. Add @ACL(accessType = AccessType.OperateEntry) access for VM ID parameter that identifies the VM entity being operated on |
CS Service layer logic uses "accountManager.checkAccess" to invoke the SecurityCheckers to do access control. Instead, one should try to use @ACL annotation on the API parameters that have to be checked for access.
...