Hi,

On Thu, May 26, 2011 at 11:17 AM, Amila Suriarachchi <am...@wso2.com> wrote:

> Role is a set of permissions (i.e. resourceid + action). Resource id or
> resource is always specific to a system. Therefore a role is defined for a
> given system. Therefore external roles is a confusing idea.
>
> And also we need to have a clear definition about adminRole. If I engaged
> UT for a service and set a role like myRole, and invoke the service as admin
> (who is in adminRole) it won't work. Same thing happens with XACML as well.
>
> It is wrong to assume that admin can access all deployed services.

Admin is the admin for all admin console.

thanks,
dimuthu

> thanks,
> Amila.
>
>
>>
>> [1] https://wso2.org/jira/browse/CARBON-9195
>>
>> Thanks,
>> Hasini.
>>
>>
>>> thanks,
>>> Amila.
>>>
>>>>
>>>> On Sun, May 22, 2011 at 11:10 AM, Hasini Gunasinghe <has...@wso2.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> This is the understanding that I have regarding this. Please correct if
>>>>> anything is wrong.
>>>>>
>>>>> Differentiation of roles as external or internal is based on whether we
>>>>> manage user roles in the user store itself or in internal UM database in a
>>>>> hybrid manner.
>>>>>
>>>>> For an example, we find the above use case with LDAP user store where
>>>>> we can either manage roles in LDAP itself or in internal JDBC database in
>>>>> a hybrid manner (basically when user store is read only).
>>>>>
>>>>> In that case, internal role means: if a role is managed in internal UM
>>>>> database in a hybrid manner.
>>>>> external role means: if a role is managed in LDAP
>>>>> user store - can be either embedded LDAP or external LDAP.
>>>>>
>>>>>
>>>> Roles defined in embedded LDAP are not external.
>>>>
>>>> It really doesn't matter whether the underlying implementation is JDBC
>>>> or LDAP. Users should not be worrying about underlying implementation.
>>>>
>>>> tx,
>>>> dimuthul
>>>>
>>>>
>>>>
>>>>> I think above mail is related to issue:
>>>>> https://wso2.org/jira/browse/CARBON-9195. The issue reported there is
>>>>> the default behavior according to above understanding.
>>>>> Because JDBC user store manager handles roles in hybrid manner only
>>>>> when "read only" property is set to true in user-mgt.xml.
>>>>>
>>>>> Thanks,
>>>>> Hasini.
>>>>>
>>>>> On Fri, May 6, 2011 at 11:09 AM, Amila Jayasekara <ami...@wso2.com> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> How do we define whether a particular role is internal or external?
>>>>>> (Role type)
>>>>>>
>>>>>> After a chat with Pavithra, we came to following conclusion.
>>>>>>
>>>>>> If a role is defined within a server we treat those as internal roles.
>>>>>> If a server reads role information from some other user store we
>>>>>> consider those as external roles.
>>>>>>
>>>>>> If above definition is not correct, please advise.
>>>>>>
>>>>>> Thanks
>>>>>> AmilaJ
>>>>>> _______________________________________________
>>>>>> Carbon-dev mailing list
>>>>>> Carbon-dev@wso2.org
>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev