[Kimchi-devel] RFC: Security Model & UI Design
Yu Xin Huo
huoyuxin at linux.vnet.ibm.com
Fri Jun 27 10:38:54 UTC 2014
*Security Strategy:*
1. Only handle existing linux users and groups, kimchi is positioned to
be a virtualization console, will not handle user management which is
host level admin.
2. Two levels of privileges
root users: console settings and virtualization resources
management
full access to 'Host', 'Guests', 'Templates',
'Storage', 'Network'
all root users can see all the guests, templates,
storage pools and volumes, networks no matter who created it
for created VMs, assign to non-root users with
either an admin or user role
non-root users: manage or use VMs assigned to them
admin role: edit & delete their VMs
user role: start, stop, vnc their VMs
they only have access to 'Guests' tab
In 'Guests' tab, only list VMs that they have an
admin or user role
*UI Design:*
root users:
all current UI will be available.
for create a VM, add a section to add users with admin or user role
for edit a VM, also has a section for add/remove/change users'
access
non-root users:
As only one 'Guest' tab, remove tabs bar and the '+' bar
Only list VMs that they have a role on
If the user have 'admin' role, then all current actions available
if the user have 'user' role, then only actions 'start',
'stop', 'vnc' available
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20140627/cdbc653d/attachment.html>
More information about the Kimchi-devel
mailing list