[Engine-devel] Permissions involved in using REST API
Jonathan Daugherty
jtd at galois.com
Mon Nov 11 18:08:21 UTC 2013
> the main difference between an 'admin' and a 'user' is that admin has
> read-only permission to see all objects in the system, and a user can
> only see objects they have permissions on.
But this distinction does not apply to API access, apparently; regular
users cannot access the API at all as far as I can tell. I wouldn't
mind giving API users 'admin' status if that's what it takes, but I'm
concerned about the meaning of 'admin' changing in the future.
I think the trouble here is that by doing it this way oVirt is presuming
what the access policy is by baking rights into the 'admin' status. On
a site-by-site basis the definition of 'admin' is going to vary.
Thanks,
--
Jonathan Daugherty
Software Engineer
Galois, Inc.
More information about the Engine-devel
mailing list