[jira] [Updated] (CLOUDSTACK-5920) CloudStack IAM Plugin feature
[ https://issues.apache.org/jira/browse/CLOUDSTACK-5920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Min Chen updated CLOUDSTACK-5920: - Fix Version/s: (was: 4.5.0) Future > CloudStack IAM Plugin feature > - > > Key: CLOUDSTACK-5920 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5920 > Project: CloudStack > Issue Type: New Feature > Security Level: Public(Anyone can view this level - this is the > default.) > Components: API, Management Server >Affects Versions: 4.3.0 >Reporter: Prachi Damle >Assignee: Prachi Damle > Fix For: Future > > > Currently CloudStack provides very limited IAM services and there are several > drawbacks within those services: > - Offers few roles out of the box (user and admin) with prebaked access > control for these roles. There is no way to create additional roles with > customized permissions. > - Some resources have access control baked into them. E.g., shared networks, > projects etc. > - We have to create special dedicate APIs to grant permissions to resources. > - Also it should be based on a plugin model to be possible to integrate with > other RBAC implementations say using AD/LDAP in future > Goal for this feature would be to address these limitations and offer true > IAM services in a phased manner. > As a first phase, we need to separate out the current access control into a > separate component and create a standard access check mechanism to be used by > the API layer. Also the read/listing APIs need to be refactored accordingly > to consider the role based access granting. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CLOUDSTACK-5920) CloudStack IAM Plugin feature
[ https://issues.apache.org/jira/browse/CLOUDSTACK-5920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daan Hoogland updated CLOUDSTACK-5920: -- Fix Version/s: (was: 4.4.0) 4.5.0 > CloudStack IAM Plugin feature > - > > Key: CLOUDSTACK-5920 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5920 > Project: CloudStack > Issue Type: New Feature > Security Level: Public(Anyone can view this level - this is the > default.) > Components: API, Management Server >Affects Versions: 4.3.0 >Reporter: Prachi Damle >Assignee: Prachi Damle > Fix For: 4.5.0 > > > Currently CloudStack provides very limited IAM services and there are several > drawbacks within those services: > - Offers few roles out of the box (user and admin) with prebaked access > control for these roles. There is no way to create additional roles with > customized permissions. > - Some resources have access control baked into them. E.g., shared networks, > projects etc. > - We have to create special dedicate APIs to grant permissions to resources. > - Also it should be based on a plugin model to be possible to integrate with > other RBAC implementations say using AD/LDAP in future > Goal for this feature would be to address these limitations and offer true > IAM services in a phased manner. > As a first phase, we need to separate out the current access control into a > separate component and create a standard access check mechanism to be used by > the API layer. Also the read/listing APIs need to be refactored accordingly > to consider the role based access granting. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (CLOUDSTACK-5920) CloudStack IAM Plugin feature
[ https://issues.apache.org/jira/browse/CLOUDSTACK-5920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prachi Damle updated CLOUDSTACK-5920: - Issue Type: New Feature (was: Bug) > CloudStack IAM Plugin feature > - > > Key: CLOUDSTACK-5920 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5920 > Project: CloudStack > Issue Type: New Feature > Security Level: Public(Anyone can view this level - this is the > default.) > Components: API, Management Server >Affects Versions: 4.3.0 >Reporter: Prachi Damle >Assignee: Prachi Damle > Fix For: 4.4.0 > > > Currently CloudStack provides very limited IAM services and there are several > drawbacks within those services: > - Offers few roles out of the box (user and admin) with prebaked access > control for these roles. There is no way to create additional roles with > customized permissions. > - Some resources have access control baked into them. E.g., shared networks, > projects etc. > - We have to create special dedicate APIs to grant permissions to resources. > - Also it should be based on a plugin model to be possible to integrate with > other RBAC implementations say using AD/LDAP in future > Goal for this feature would be to address these limitations and offer true > IAM services in a phased manner. > As a first phase, we need to separate out the current access control into a > separate component and create a standard access check mechanism to be used by > the API layer. Also the read/listing APIs need to be refactored accordingly > to consider the role based access granting. -- This message was sent by Atlassian JIRA (v6.2#6252)