Chip,
1) "System" user is always identified by the cloud.user DB id=1 (hardcoded
in User.java interface). This user is never exposed via API, you can't
remove it - the checks are already in place for it.
2) For users of "admin" account, currently there is no direct way to tell
if the user was added by the system, or using API call. We can't rely on
name "admin" as it's not reserved name and renaming is also allowed.
I think for upgrade we can rely on the cloud.user db id - expect it to be
"system_user_db_id + 1" as we know that 2 users come with the default
cloudStack install.
-Alena.
On 4/9/13 10:02 AM, "Chip Childers" <chip.child...@sungard.com> wrote:
>On Tue, Apr 09, 2013 at 09:56:37AM -0700, Alena Prokharchyk wrote:
>> We should allow to delete any CS users except for ones that came as a
>>part
>> of cloudStack installation ("system" and "admin" users). The users
>>you've
>> created using API, should be allowed to be removed no matter of their
>> types.
>
>+1 to this in general terms. Not sure about requiring a change like
>this for 4.1.0 though.
>
>>
>> The right way to distinguish between system generated users, and users
>> created using APIs would be introducing the flag in the cloud.users DB.
>
>Do you have any thoughts on how we would correctly identify these
>account in existing installs?
>
>
