On 11 June 2014 11:27, Stefan Kooman <ste...@bit.nl> wrote:

> Would it be an (awfull) lot of work to make (a) sunstone view(s)
> dynamic based on permissions (ACLs), instead of hard coding into views?
> Advantage would be that a user/(vDC)administrator only sees
> "buttons"/"tabs"
> he/she is allowd to see/use and a change in permissions would be
> reflected automatically (i.e. re-login / clear broser cache).

We considered this option but the main reasons why we decided to use the
yaml files were:
  * A User can be member of more than group and you should check all the
ACL rules
  * ACL rules can apply only on a given resource, you would have to
enable/disable of the list depending on the resource
  * You can have a custom authorisation driver and bypass the acl system
  * VM actions: using acls you can not disable a given action (i.e: remove
undeploy form the GUI)


Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
Users mailing list

Reply via email to