On Thu, May 26, 2011 at 10:20 AM, Hasini Gunasinghe <has...@wso2.com> wrote:
> Hi,
>
> On Wed, May 25, 2011 at 6:32 PM, Amila Suriarachchi <am...@wso2.com> wrote:
>
>> On Sun, May 22, 2011 at 3:45 PM, Dimuthu Leelarathne
>> <dimut...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> Internal means WSO2 user manager owns the role and has the right to
>>> manage it, basically edit it and delete it as it wishes. External means WSO2
>>> user manager does not own the role, it only reads the role.
>>>
>>
>> I tried with the 3.2.0 branch build. When I create a role using Admin
>> console it creates it as *external* and lets me edit and delete. Is that
>> correct?
>>
> Functionality-wise there is no issue.
>

true :)

> This category name and the definition need to be sorted out and I think
> this discussion started to decide that. There is a jira [1] related to
> this.
>
> In finalizing that, I have two questions:
> 1. What is the actual requirement of displaying the category as 'Internal'
> or 'External' in front of the role name? Because through UI, we enable
> edit/delete options for a role only if the role is editable.
> 2. IMO, above mentioned definition of *external* can lead to confusion when
> the user store is external ldap with read/write permission, because then the
> WSO2 UM may or may not have originated that role, but still it is editable
> through management console.
>

Role is a set of permissions (i.e. resourceid + action). Resource id or resource is always specific to a system. Therefore a role is defined for a given system. Therefore, external roles is a confusing idea.

And also we need to have a clear definition about adminRole. If I engaged UT for a service and set a role like myRole, and invoke the service as admin (who is in adminRole) it won't work. Same thing happens with XACML as well.

thanks,
Amila.

>
> [1] https://wso2.org/jira/browse/CARBON-9195
>
> Thanks,
> Hasini.
>
>> thanks,
>> Amila.
>>
>>> On Sun, May 22, 2011 at 11:10 AM, Hasini Gunasinghe <has...@wso2.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> This is the understanding that I have regarding this. Please correct if
>>>> anything is wrong.
>>>>
>>>> Differentiation of roles as external or internal is based on whether we
>>>> manage user roles in the user store itself or in internal UM database in a
>>>> hybrid manner.
>>>>
>>>> For example, we find the above use case with LDAP user store where we
>>>> can either manage roles in LDAP itself or in internal JDBC database in a
>>>> hybrid manner (basically when user store is read only).
>>>>
>>>> In that case, internal role means: if a role is managed in internal UM
>>>> database in a hybrid manner.
>>>> external role means: if a role is managed in LDAP
>>>> user store - can be either embedded LDAP or external LDAP.
>>>>
>>>
>>> Roles defined in embedded LDAP are not external.
>>>
>>> It really doesn't matter whether the underlying implementation is JDBC or
>>> LDAP. Users should not be worrying about underlying implementation.
>>>
>>> tx,
>>> dimuthul
>>>
>>>> I think above mail is related to issue:
>>>> https://wso2.org/jira/browse/CARBON-9195. The issue reported there is
>>>> the default behavior according to above understanding.
>>>> Because JDBC user store manager handles roles in hybrid manner only when
>>>> "read only" property is set to true in user-mgt.xml.
>>>>
>>>> Thanks,
>>>> Hasini.
>>>>
>>>> On Fri, May 6, 2011 at 11:09 AM, Amila Jayasekara <ami...@wso2.com> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> How do we define whether a particular role is internal or external?
>>>>> (Role type)
>>>>>
>>>>> After a chat with Pavithra, we came to following conclusion.
>>>>>
>>>>> If a role is defined within a server we treat those as internal roles.
>>>>> If a server reads role information from some other user store we
>>>>> consider those as external roles.
>>>>>
>>>>> If above definition is not correct, please advise.
>>>>>
>>>>> Thanks
>>>>> AmilaJ
>>>>> _______________________________________________
>>>>> Carbon-dev mailing list
>>>>> Carbon-dev@wso2.org
>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev