Hi devs,

I'm in the process of extending the User Management and Permission model for Stratos 4.1.0. (See the email discussions with the following subjects: "Role based access and functionality for Stratos" and "Introducing tenant isolation in policy/definition creation and usage".)

As discussed above, the proposed User/tenant Management will be as follows.

1. Mainly there are 3 users: Stratos Admin (Super Admin), Tenant Admin and the Tenant User.
2. Tenant (admin) creation will be moved back to the Carbon UI and tenant user creation will be done in the new Stratos UI. A tenant user will have a set of pre-defined roles to be assigned at user creation time.
3. The Stratos Admin will mostly use the Carbon UI to create new tenants and will also have his own super tenant space to create new policies, definitions, users, subscribe to cartridges etc. IaaS configuration will be done by the Stratos Admin.
4. A tenant admin will use the new UI to configure the tenant space - this includes creation of policies, definitions and deploying them, adding tenant users and assigning them roles.
5. A tenant user will use the new UI to create/deploy applications (previously referred to as subscribe) which are visible within that tenant space.

The existing permission model needs to be extended to support tenant/user level separation, and the REST API should provide role based access.

Will update the thread with progress. Suggestions and thoughts are welcome.

Thanks,

--
*Lasindu Charith*
Software Engineer, WSO2 Inc.
Mobile: +94714427192
Web: blog.lasindu.com
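
The role and tenant separation proposed in the message above, sketched as a deny-by-default authorization check. This is an added example, not part of the original email and not Stratos code: the role names, action strings, the `carbon.super` tenant label, and the `Principal` and `is_allowed` helpers are assumptions made for illustration.

```python
from dataclasses import dataclass

SUPER_TENANT = "carbon.super"  # assumed label for the super tenant space

# Actions each role may perform on resources inside its OWN tenant space
# (hypothetical action names mapped from points 3-5 of the proposal).
TENANT_SCOPED = {
    "stratos-admin": {"policy:create", "definition:create", "user:create",
                      "application:deploy"},
    "tenant-admin": {"policy:create", "definition:create", "definition:deploy",
                     "user:create", "role:assign"},
    "tenant-user": {"application:create", "application:deploy"},
}
# Platform-wide actions that belong to no single tenant space.
GLOBAL = {"stratos-admin": {"tenant:create", "iaas:configure"}}


@dataclass(frozen=True)
class Principal:
    name: str
    tenant: str
    roles: frozenset


def is_allowed(principal, action, resource_tenant=None):
    """Deny by default. resource_tenant=None marks a platform-wide action."""
    for role in principal.roles:
        # The super admin role is only honoured inside the super tenant,
        # so a mis-assigned role in another tenant grants nothing.
        if role == "stratos-admin" and principal.tenant != SUPER_TENANT:
            continue
        if resource_tenant is None:
            if action in GLOBAL.get(role, ()):
                return True
        # Tenant isolation: the resource must live in the caller's tenant.
        elif (resource_tenant == principal.tenant
              and action in TENANT_SCOPED.get(role, ())):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample principals and requests.
    admin = Principal("admin", SUPER_TENANT, frozenset({"stratos-admin"}))
    alice = Principal("alice", "acme.com", frozenset({"tenant-admin"}))
    for who, action, tenant in [(admin, "tenant:create", None),
                                (alice, "role:assign", "acme.com"),
                                (alice, "role:assign", "other.org")]:
        print(who.name, action, tenant, is_allowed(who, action, tenant))
```

A REST layer would call such a check once per request, with the tenant taken from the authenticated session rather than from a request parameter.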