[ https://issues.apache.org/jira/browse/CLOUDSTACK-5920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13921127#comment-13921127 ]
ASF subversion and git services commented on CLOUDSTACK-5920: ------------------------------------------------------------- Commit d0ae4d9a9f7dc2ef39ee24f09c36f67ccb7502d7 in cloudstack's branch refs/heads/master from [~minchen07] [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=d0ae4d9 ] CLOUDSTACK-5920:Add interface to ControlledEntity to return IAM entity type. > CloudStack IAM Plugin feature > ----------------------------- > > Key: CLOUDSTACK-5920 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5920 > Project: CloudStack > Issue Type: New Feature > Security Level: Public(Anyone can view this level - this is the > default.) > Components: API, Management Server > Affects Versions: 4.3.0 > Reporter: Prachi Damle > Assignee: Prachi Damle > Fix For: 4.4.0 > > > Currently CloudStack provides very limited IAM services and there are several > drawbacks within those services: > - Offers few roles out of the box (user and admin) with prebaked access > control for these roles. There is no way to create additional roles with > customized permissions. > - Some resources have access control baked into them. E.g., shared networks, > projects etc. > - We have to create special dedicate APIs to grant permissions to resources. > - Also it should be based on a plugin model to be possible to integrate with > other RBAC implementations say using AD/LDAP in future > Goal for this feature would be to address these limitations and offer true > IAM services in a phased manner. > As a first phase, we need to separate out the current access control into a > separate component and create a standard access check mechanism to be used by > the API layer. Also the read/listing APIs need to be refactored accordingly > to consider the role based access granting. -- This message was sent by Atlassian JIRA (v6.2#6252)