5:38 a.m.
*Security Strategy:*
1. Only handle existing linux users and groups, kimchi is positioned to
be a virtualization console, will not handle user management which is
host level admin.
2. Two levels of privileges
root users: console settings and virtualization resources
management
full access to 'Host', 'Guests', 'Templates',
'Storage', 'Network'
all root users can see all the guests, templates,
storage pools and volumes, networks no matter who created it
for created VMs, assign to non-root users with
either an admin or user role
non-root users: manage or use VMs assigned to them
admin role: edit & delete their VMs
user role: start, stop, vnc their VMs
they only have access to 'Guests' tab
In 'Guests' tab, only list VMs that they have an
admin or user role
*UI Design:*
root users:
all current UI will be available.
for create a VM, add a section to add users with admin or user role
for edit a VM, also has a section for add/remove/change users'
access
non-root users:
As only one 'Guest' tab, remove tabs bar and the '+' bar
Only list VMs that they have a role on
If the user have 'admin' role, then all current actions available
if the user have 'user' role, then only actions 'start',
'stop', 'vnc' available
8:46 p.m.
Thanks for the write up, Yu Xin!
I agree this is our final goal but as it involves a lot of work I want
to split it in small tasks in a way we can accommodate some of those in
the 1.3 release
I'd say the first goal should be properly differ root and non-root users
and allow a root user set non-root users to a specific VM. For then we
add the admin and user roles.
1) Allow a root user specific users and groups for a VM *(for 1.3 release)*
Basically a API like:
PUT /vms/<name>/ {users: [user1, user2], groups: [groupA, groupB]}
2) Differ root from non-root users *(for 1.3 release)*
A root user can do and see everything in Kimchi
A non-root user can only manage the VMs a root user assigned to him/her
3) Create admin and user role as you described below
Regarding the UI:
1) We need to provide a way to user specify users and groups for a VM
VM Edit?
So we can list system users and groups and user select which ones
to add to a VM
2) A non-root user will never be able to create new resources (so we +
icon must be removed from its view)
Guests tab: the backend will return the right VM list according to
the logged user
- for a root user: all the VMs
- for a non-root user: only the VMs he/she is
assigned for
So no UI work is required
Templates tab: I think every user can see the templates but the
operations must be restricted for root users. That way the UI need to
disable/remove the actions menu for non-root users.
Storage and Network tabs: Same behavior from template tab
Host tab: Every user can see host info and stats
And packages update, repositories and debug reports
must be restricted for root users.
On 06/27/2014 07:38 AM, Yu Xin Huo wrote:
*Security Strategy:*
1. Only handle existing linux users and groups, kimchi is positioned
to be a virtualization console, will not handle user management which
is host level admin.
2. Two levels of privileges
root users: console settings and virtualization resources
management
full access to 'Host', 'Guests', 'Templates',
'Storage', 'Network'
all root users can see all the guests, templates,
storage pools and volumes, networks no matter who created it
for created VMs, assign to non-root users with
either an admin or user role
non-root users: manage or use VMs assigned to them
admin role: edit & delete their VMs
user role: start, stop, vnc their VMs
they only have access to 'Guests' tab
In 'Guests' tab, only list VMs that they have an
admin or user role
*UI Design:*
root users:
all current UI will be available.
for create a VM, add a section to add users with admin or user
role
for edit a VM, also has a section for add/remove/change users'
access
non-root users:
As only one 'Guest' tab, remove tabs bar and the '+' bar
Only list VMs that they have a role on
If the user have 'admin' role, then all current actions available
if the user have 'user' role, then only actions 'start',
'stop', 'vnc' available
_______________________________________________
Kimchi-devel mailing list
Kimchi-devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/kimchi-devel
6:50 a.m.
On 07/01/2014 10:46 PM, Aline Manera wrote:
Thanks for the write up, Yu Xin!
I agree this is our final goal but as it involves a lot of work I want
to split it in small tasks in a way we can accommodate some of those
in the 1.3 release
I'd say the first goal should be properly differ root and non-root
users and allow a root user set non-root users to a specific VM. For
then we add the admin and user roles.
1) Allow a root user specific users and groups for a VM *(for 1.3
release)*
Basically a API like:
PUT /vms/<name>/ {users: [user1, user2], groups: [groupA, groupB]}
2) Differ root from non-root users *(for 1.3 release)*
A root user can do and see everything in Kimchi
A non-root user can only manage the VMs a root user assigned to
him/her
3) Create admin and user role as you described below
Regarding the UI:
1) We need to provide a way to user specify users and groups for a VM
VM Edit?
So we can list system users and groups and user select which ones
to add to a VM
2) A non-root user will never be able to create new resources (so we +
icon must be removed from its view)
Guests tab: the backend will return the right VM list according to
the logged user
- for a root user: all the VMs
- for a non-root user: only the VMs he/she is
assigned for
So no UI work is required
Templates tab: I think every user can see the templates but the
operations must be restricted for root users. That way the UI need
to disable/remove the actions menu for non-root users.
Storage and Network tabs: Same behavior from template tab
Host tab: Every user can see host info and stats
And packages update, repositories and debug
reports must be restricted for root users.
On 06/27/2014 07:38 AM, Yu Xin Huo wrote:
> *Security Strategy:*
>
> 1. Only handle existing linux users and groups, kimchi is positioned
> to be a virtualization console, will not handle user management which
> is host level admin.
> 2. Two levels of privileges
> root users: console settings and virtualization resources
> management
> full access to 'Host', 'Guests',
'Templates',
> 'Storage', 'Network'
> all root users can see all the guests, templates,
> storage pools and volumes, networks no matter who created it
> for created VMs, assign to non-root users with
> either an admin or user role
> non-root users: manage or use VMs assigned to them
> admin role: edit & delete their VMs
> user role: start, stop, vnc their VMs
> they only have access to 'Guests' tab
> In 'Guests' tab, only list VMs that they have an
> admin or user role
>
> *UI Design:*
>
> root users:
> all current UI will be available.
> for create a VM, add a section to add users with admin or
> user role
> for edit a VM, also has a section for add/remove/change
> users' access
>
> non-root users:
> As only one 'Guest' tab, remove tabs bar and the '+' bar
> Only list VMs that they have a role on
> If the user have 'admin' role, then all current actions available
> if the user have 'user' role, then only actions 'start',
> 'stop', 'vnc' available
>
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
3825
days inactive
3830
days old
2 comments
2 participants
participants (2)
-
Aline Manera -
Yu Xin Huo