RE: Template access control, just "food to think"
Hi Dan, I agree with your suggestion. There is already an enhancement request filed for this kind of requirement. Please refer to http://bugs.cloudstack.org/browse/CS-6398 I would encourage you to vote for this. In case you want to add something to it please do so. On a side note in the existing software you can use updateTemplatePermissions API to give template launch permissions to a set of accounts. Why don't you give it a try and see if it suits your use case. Thanks, -Nitin -Original Message- From: d...@soleks.com [mailto:d...@soleks.com] Sent: Saturday, May 12, 2012 12:03 PM To: cloudstack-users@incubator.apache.org Subject: Template access control, just "food to think" Hi All, Just "food to think" about access control to templates in the CloudStack. Couple words about system i'm working on. It's 3-components mail environment - SMTP, POP/IMAP, Webmail. So in general i need three type of templates to build entire system. Templates need to be isolated, because there is some authentication information that can't go public, so make them public (in the public zone) is not very bright idea. Making them private will block an access to them for other users in the same domain. As workaround It's possible to create private zone, but it's not an option for small installations (10-20 hosts). Also it's possible to create several users under domain - say user-smtp, user-imap, user-webmail and create templates under them, but seems like that approach is too "artificial". Ideal solution for that problem would be public template with-in domain. That template should-not be visible for other domains, so domain will be level of isolation. Private templates will be like they now - only owner has to them. What is the community opinion about it. Dan/borei This message was sent using IMP, the Internet Messaging Program.
RE: Template access control, just "food to think"
I can't view that link, seems like i don't have enough permissions. > Hi Dan, > I agree with your suggestion. There is already an enhancement request > filed for this kind of requirement. Please refer to > http://bugs.cloudstack.org/browse/CS-6398 > I would encourage you to vote for this. In case you want to add > something to it please do so. > > On a side note in the existing software you can use > updateTemplatePermissions API to give template launch permissions to > a set of accounts. Why don't you give it a try and see if it suits > your use case. > > Thanks, > -Nitin > > -Original Message- > From: d...@soleks.com [mailto:d...@soleks.com] > Sent: Saturday, May 12, 2012 12:03 PM > To: cloudstack-users@incubator.apache.org > Subject: Template access control, just "food to think" > > Hi All, > Just "food to think" about access control to templates in the > CloudStack. Couple words about system i'm working on. It's > 3-components mail environment - SMTP, POP/IMAP, Webmail. So in > general i need three type of templates to build entire system. > Templates need to be isolated, because there is some authentication > information that can't go public, so make them public (in the public > zone) is not very bright idea. Making them private will block an > access to them for other users in the same domain. As workaround It's > possible to create private zone, but it's not an option for small > installations (10-20 hosts). Also it's possible to create several > users under domain - say user-smtp, user-imap, user-webmail and > create templates under them, but seems like that approach is too > "artificial". Ideal solution for that problem would be public > template with-in domain. That template should-not be visible for > other domains, so domain will be level of isolation. Private > templates will be like they now - only owner has to them. > What is the community opinion about it. > > Dan/borei > > > > This message was sent using IMP, the Internet Messaging Program. > This message was sent using IMP, the Internet Messaging Program.
RE: Template access control, just "food to think"
Hi Nitin, Thanks for suggestion about updateTemplatePermissions, i did try and it didn't work, and honestly saying i don't understand why it should work. CS doesn't do domain based template isolation. However based on the API docs there should be privileged type template, but i don't see how to use it. If you could point me to example it would be great. Dan/borei. > Hi Dan, > I agree with your suggestion. There is already an enhancement request > filed for this kind of requirement. Please refer to > http://bugs.cloudstack.org/browse/CS-6398 > I would encourage you to vote for this. In case you want to add > something to it please do so. > > On a side note in the existing software you can use > updateTemplatePermissions API to give template launch permissions to > a set of accounts. Why don't you give it a try and see if it suits > your use case. > > Thanks, > -Nitin > > -Original Message- > From: d...@soleks.com [mailto:d...@soleks.com] > Sent: Saturday, May 12, 2012 12:03 PM > To: cloudstack-users@incubator.apache.org > Subject: Template access control, just "food to think" > > Hi All, > Just "food to think" about access control to templates in the > CloudStack. Couple words about system i'm working on. It's > 3-components mail environment - SMTP, POP/IMAP, Webmail. So in > general i need three type of templates to build entire system. > Templates need to be isolated, because there is some authentication > information that can't go public, so make them public (in the public > zone) is not very bright idea. Making them private will block an > access to them for other users in the same domain. As workaround It's > possible to create private zone, but it's not an option for small > installations (10-20 hosts). Also it's possible to create several > users under domain - say user-smtp, user-imap, user-webmail and > create templates under them, but seems like that approach is too > "artificial". Ideal solution for that problem would be public > template with-in domain. That template should-not be visible for > other domains, so domain will be level of isolation. Private > templates will be like they now - only owner has to them. > What is the community opinion about it. > > Dan/borei > > > > This message was sent using IMP, the Internet Messaging Program. > This message was sent using IMP, the Internet Messaging Program.
