On Thu, Aug 04, 2011 at 03:02:19PM -0400, Hugh Brock wrote:
On Thu, Aug 04, 2011 at 01:18:28PM -0400, Dmitri Pal wrote:
On 08/04/2011 08:25 AM, Hugh Brock wrote:
On Wed, Aug 03, 2011 at 10:04:28PM -0400, Dmitri Pal wrote:
On 08/03/2011 07:27 PM, Dmitri Pal wrote:
On 08/03/2011 10:34 AM, Hugh Brock wrote:
On Tue, Aug 02, 2011 at 08:13:55PM -0400, Dmitri Pal wrote:
> On 08/02/2011 07:07 AM, Hugh Brock wrote:
>> The first mail in the thread has a pretty good description of what catalogs are and what features they need to have for this iteration.
[snip]
[snip]
This makes sense, but this does not answer the question. With the explanation above, the question I asked transforms into: What are the examples of "Pool users"? What function in the organization is such a user mapped to? Also, do pool users have the same rights against all apps in the catalog? If so, that means that the permissions are on the catalog level. If the users have different access rights against the same catalog (i.e. two pool users, say HR, have access to different apps in the same catalog), the access control is more on the per app/template/image level.
We need to get to it from the user side. A user story for a pool user would be helpful.
Ahh, I see where you're going. I believe I can answer these questions quickly.
- All pool users who have the right to start/stop any app in any catalog mapped to a pool, have the right to start/stop all apps in all catalogs mapped to that pool, but *only* in that pool.
Meh. This wasn't as clear as I meant. What I meant to say was that the permission to start an app in a pool is on the pool-user tuple. If a catalog is mapped to a pool, any user in that pool with start permission can start any app in the mapped catalog. Hopefully that is marginally clearer.
--H
So if I have permission to start apps in the aeolus-staging pool, and the administrator for the aeolus-staging pool adds a catalog to that pool (and note he must have permission on both the catalog and the pool to do so), then I can start any of the apps in that catalog in the aeolus-staging pool.
I believe this is enough constraint, at least for iteration 4. Agree?
Thanks, --Hugh
--
== Hugh Brock, hbrock@redhat.com ==
== Engineering Manager, Cloud BU ==
== Aeolus Project: Manage virtual infrastructure across clouds. ==
== http://aeolusproject.org ==
"I know that you believe you understand what you think I said, but I’m not sure you realize that what you heard is not what I meant." --Robert McCloskey