<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
Thanks for the write up, Yu Xin!<br>
I agree this is our final goal but as it involves a lot of work I
want to split it in small tasks in a way we can accommodate some of
those in the 1.3 release<br>
<br>
I'd say the first goal should be properly differ root and non-root
users and allow a root user set non-root users to a specific VM. For
then we add the admin and user roles.<br>
<br>
1) Allow a root user specific users and groups for a VM <b>(for 1.3
release)</b><br>
Basically a API like:<br>
PUT /vms/<name>/ {users: [user1, user2], groups:
[groupA, groupB]}<br>
<br>
2) Differ root from non-root users <b>(for 1.3 release)</b><br>
A root user can do and see everything in Kimchi<br>
A non-root user can only manage the VMs a root user assigned to
him/her<br>
<br>
3) Create admin and user role as you described below<br>
<br>
Regarding the UI:<br>
1) We need to provide a way to user specify users and groups for a
VM<br>
VM Edit?<br>
<br>
So we can list system users and groups and user select which
ones to add to a VM<br>
<br>
2) A non-root user will never be able to create new resources (so we
+ icon must be removed from its view)<br>
Guests tab: the backend will return the right VM list according
to the logged user<br>
- for a root user: all the VMs<br>
- for a non-root user: only the VMs he/she is
assigned for<br>
So no UI work is required<br>
<br>
Templates tab: I think every user can see the templates but the
operations must be restricted for root
users. That way the UI need to disable/remove the actions menu for
non-root users.<br>
<br>
Storage and Network tabs: Same behavior from template tab<br>
<br>
Host tab: Every user can see host info and stats<br>
And packages update, repositories and debug
reports must be restricted for root users.<br>
<br>
<div class="moz-cite-prefix">On 06/27/2014 07:38 AM, Yu Xin Huo
wrote:<br>
</div>
<blockquote cite="mid:53AD49BE.4070000@linux.vnet.ibm.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<b>Security Strategy:</b><br>
<br>
1. Only handle existing linux users and groups, kimchi is
positioned to be a virtualization console, will not handle user
management which is host level admin.<br>
2. Two levels of privileges<br>
root users: console settings and virtualization
resources management<br>
full access to 'Host', 'Guests', 'Templates',
'Storage', 'Network'<br>
all root users can see all the guests,
templates, storage pools and volumes, networks no matter who
created it<br>
for created VMs, assign to non-root users with
either an admin or user role
<br>
non-root users: manage or use VMs assigned to them<br>
admin role: edit & delete their VMs<br>
user role: start, stop, vnc their VMs<br>
they only have access to 'Guests' tab<br>
In 'Guests' tab, only list VMs that they have
an admin or user role<br>
<br>
<b>UI Design:</b><br>
<br>
root users: <br>
all current UI will be available. <br>
for create a VM, add a section to add users with admin or
user role<br>
for edit a VM, also has a section for add/remove/change
users' access<br>
<br>
non-root users:<br>
As only one 'Guest' tab, remove tabs bar and the '+' bar<br>
Only list VMs that they have a role on<br>
If the user have 'admin' role, then all current actions
available<br>
if the user have 'user' role, then only actions 'start',
'stop', 'vnc' available<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Kimchi-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Kimchi-devel@ovirt.org">Kimchi-devel@ovirt.org</a>
<a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/kimchi-devel">http://lists.ovirt.org/mailman/listinfo/kimchi-devel</a>
</pre>
</blockquote>
<br>
</body>
</html>