>will the self-service stuff rob butts is working on be affected in any
way? Will self-service truly be turned off  via a parameter?

What I'm working on, change integrity, shouldn't be affected by turning off
tenancy/roles/capabilities.

And we shouldn't turn off the API-visible parts of what I'll be doing: DS
snapshots, server snapshots, etc.

We should be able to turn off the complex permissions system for
self-service, while still retaining safe change integrity via the timestamp
system.

>it would be nice if TC 3.0 made tenancy / roles & capabilities a
requirement

Requiring tenancy/roles/capabilities would certainly make the code nicer,
but I'm afraid it'll make the software much more difficult to use, for
users who want an internal CDN, and have no need for a complex permissions
framework.

@mitchell852 Is it possible to add GUI shims in Traffic Portal, and/or API
helpers, to make the interface pretend like tenancy/roles/capabilities
don't exist? E.g. to grant all permissions and the root tenant to all users
on user-creation, if the "use_self_service" config flag is set? So all the
code can keep working the same way, but people who don't need
tenancy/roles/capabilities can still have the existing simpler interface?
How difficult would that be?


On Thu, Jun 14, 2018 at 12:18 PM, Jeremy Mitchell <mitchell...@gmail.com>
wrote:

> I like the idea but what will it really mean to turn off use_self_service.
> I know it will mean tenancy will be disabled and API permissions won't be
> checked against a user's capabilities, but will the self-service stuff rob
> butts is working on be affected in any way? Will self-service truly be
> turned off  via a parameter?
>
> IMO it would be nice if TC 3.0 made tenancy / roles & capabilities a
> requirement. No more turning it on and off. The scope of what you see is
> dictated by your tenancy and the api's that you have access to are dictated
> by your capabilities.
>
> Jeremy
>
> On Thu, Jun 14, 2018 at 11:49 AM, Volz, Dylan <dylan_v...@comcast.com>
> wrote:
>
> > Hi Traffic Controllers,
> >
> > I am working on enforcing the roles->capabilities system as a replacement
> > for the soon-to-be legacy priv level system. Like tenancy this is a
> feature
> > moving us towards self-service; so to minimize our code/behavior paths
> > I would like to propose renaming the use_tenancy parameter to
> > use_self_service, so that if it is turned on both tenancy and
> capabilities
> > are applied. This prevents some hairy cases arising when capabilities are
> > on and tenancy is off or vice versa. Let me know if you have any
> questions,
> > concerns, or suggestions.
> >
> > Thanks,
> > Dylan
> >
>

Reply via email to