Thanks for the write up, Yu Xin!
I agree this is our final goal but as it involves a lot of work I want to split it in small tasks in a way we can accommodate some of those in the 1.3 release

I'd say the first goal should be properly differ root and non-root users and allow a root user set non-root users to a specific VM. For then we add the admin and user roles.

1) Allow a root user specific users and groups for a VM (for 1.3 release)
    Basically a API like:
        PUT /vms/<name>/ {users: [user1, user2], groups: [groupA, groupB]}

2) Differ root from non-root users (for 1.3 release)
    A root user can do and see everything in Kimchi
    A non-root user can only manage the VMs a root user assigned to him/her

3) Create admin and user role as you described below

Regarding the UI:
1) We need to provide a way to user specify users and groups for a VM
    VM Edit?

    So we can list system users and groups and user select which ones to add to a VM

2) A non-root user will never be able to create new resources (so we + icon must be removed from its view)
    Guests tab: the backend will return the right VM list according to the logged user
                       - for a root user: all the VMs
                       - for a non-root user: only the VMs he/she is assigned for
                       So no UI work is required

    Templates tab: I think every user can see the templates but the operations must be restricted for root                            users. That way the UI need to disable/remove the actions menu for non-root users.

    Storage and Network tabs: Same behavior from template tab

    Host tab: Every user can see host info and stats
                    And packages update, repositories and debug reports must be restricted for root users.

On 06/27/2014 07:38 AM, Yu Xin Huo wrote:
Security Strategy:

1. Only handle existing linux users and groups, kimchi is positioned to be a virtualization console, will not handle user management which is host level admin.
2. Two levels of privileges
            root users: console settings and virtualization resources management
                    full access to 'Host', 'Guests', 'Templates', 'Storage', 'Network'
                    all root users can see all the guests, templates, storage pools and volumes, networks no matter who created it
                    for created VMs, assign to non-root users with either an admin or user role                                       
            non-root users: manage or use VMs assigned to them
                    admin role: edit & delete their VMs
                    user role: start, stop, vnc their VMs
                    they only have access to 'Guests' tab
                    In 'Guests' tab, only list VMs that they have an admin or user role

UI Design:

root users:
        all current UI will be available.       
        for create a VM, add a section to add users with admin or user role
        for edit a VM, also has a section for add/remove/change users' access

non-root users:
        As only one 'Guest' tab, remove tabs bar and the '+' bar
        Only list VMs that they have a role on
        If the user have 'admin' role, then all current actions available
        if the user have 'user' role, then only actions 'start', 'stop', 'vnc' available


_______________________________________________
Kimchi-devel mailing list
Kimchi-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/kimchi-devel