[Kimchi-devel] RFC: Security Model & UI Design
Aline Manera
alinefm at linux.vnet.ibm.com
Wed Jul 2 11:50:16 UTC 2014
On 07/01/2014 10:46 PM, Aline Manera wrote:
>
> Thanks for the write up, Yu Xin!
> I agree this is our final goal but as it involves a lot of work I want
> to split it in small tasks in a way we can accommodate some of those
> in the 1.3 release
>
> I'd say the first goal should be properly differ root and non-root
> users and allow a root user set non-root users to a specific VM. For
> then we add the admin and user roles.
>
> 1) Allow a root user specific users and groups for a VM *(for 1.3
> release)*
> Basically a API like:
> PUT /vms/<name>/ {users: [user1, user2], groups: [groupA, groupB]}
>
> 2) Differ root from non-root users *(for 1.3 release)*
> A root user can do and see everything in Kimchi
> A non-root user can only manage the VMs a root user assigned to
> him/her
>
> 3) Create admin and user role as you described below
>
> Regarding the UI:
> 1) We need to provide a way to user specify users and groups for a VM
> VM Edit?
>
> So we can list system users and groups and user select which ones
> to add to a VM
>
> 2) A non-root user will never be able to create new resources (so we +
> icon must be removed from its view)
> Guests tab: the backend will return the right VM list according to
> the logged user
> - for a root user: all the VMs
> - for a non-root user: only the VMs he/she is
> assigned for
> So no UI work is required
>
> Templates tab: I think every user can see the templates but the
> operations must be restricted for root users. That way the UI need
> to disable/remove the actions menu for non-root users.
>
> Storage and Network tabs: Same behavior from template tab
>
> Host tab: Every user can see host info and stats
> And packages update, repositories and debug
> reports must be restricted for root users.
>
> On 06/27/2014 07:38 AM, Yu Xin Huo wrote:
>> *Security Strategy:*
>>
>> 1. Only handle existing linux users and groups, kimchi is positioned
>> to be a virtualization console, will not handle user management which
>> is host level admin.
>> 2. Two levels of privileges
>> root users: console settings and virtualization resources
>> management
>> full access to 'Host', 'Guests', 'Templates',
>> 'Storage', 'Network'
>> all root users can see all the guests, templates,
>> storage pools and volumes, networks no matter who created it
>> for created VMs, assign to non-root users with
>> either an admin or user role
>> non-root users: manage or use VMs assigned to them
>> admin role: edit & delete their VMs
>> user role: start, stop, vnc their VMs
>> they only have access to 'Guests' tab
>> In 'Guests' tab, only list VMs that they have an
>> admin or user role
>>
>> *UI Design:*
>>
>> root users:
>> all current UI will be available.
>> for create a VM, add a section to add users with admin or
>> user role
>> for edit a VM, also has a section for add/remove/change
>> users' access
>>
>> non-root users:
>> As only one 'Guest' tab, remove tabs bar and the '+' bar
>> Only list VMs that they have a role on
>> If the user have 'admin' role, then all current actions available
>> if the user have 'user' role, then only actions 'start',
>> 'stop', 'vnc' available
>>
>>
>> _______________________________________________
>> Kimchi-devel mailing list
>> Kimchi-devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20140702/e597b941/attachment.html>
More information about the Kimchi-devel
mailing list