[Hawkular-dev] define: tenant

Heiko W.Rupp hrupp at redhat.com
Wed Feb 4 11:00:26 EST 2015


Hi,

> One possible solution is to have "users" and "organizations", a la
> Github. Users can be part of zero or more organizations and
> organizations have one or more members. Data (git repos or resources)
> belongs to either a user or an organization.

I think I like this idea.

> 
> -> http://user:password@hawkular/resource/{resourceId}/metrics
>   all metrics for this specific resource, if the resource belongs to
> the user or to an organization where the user is a member of

How would we model the user / org stuff? Well, that could probably
just become a part of inventory.

Question is though: if a user has his own pet server and works as
part of an org, do we want to prevent "leaking" org data to the private
project? Or is that purely up to the user?


> For this scenario, I think the UI could be built with a "context
> switcher". This way, the user would have access to a dashboard with
> resources from his main account and could switch to a dashboard with
> resources from an organization. The backend, though, would not have
> such a notion of "context". Either the user has access to the resource
> or not (via the main account or via an organization).

Wouldn't the backend still need to know the context - if only for
performance reasons when the user wants to only see his personal resources?

> 
> The main disadvantage of this is that we have to also care about the
> authorization, as we cannot rely on permission data coming from Keycloak.


Well, I guess a good deal of authorization needs to be done in some custom
code anyway and would not be covered by stock-JAAS, so it may not be that bad.

  Heiko
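
The access rule discussed in this thread (a resource belongs to a user or to an organization, and a context can narrow a listing), sketched as an added example that is not part of the original message and not Hawkular code. The "user:"/"org:" tenant naming, the class and function names, and the sample data are all assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Resource:
    resource_id: str
    owner: str  # owning tenant, "user:<name>" or "org:<name>" (assumed scheme)


@dataclass
class Directory:
    # organization name -> set of member user names
    members: dict[str, set[str]] = field(default_factory=dict)

    def tenants_of(self, user: str) -> set[str]:
        """Tenants the user may act for: the personal account plus joined orgs."""
        orgs = {f"org:{name}" for name, m in self.members.items() if user in m}
        return {f"user:{user}"} | orgs


def can_access(directory: Directory, user: str, res: Resource) -> bool:
    """Backend check: allow only if the owner is the user or one of the user's orgs."""
    return res.owner in directory.tenants_of(user)


def visible(directory, user, resources, context=None):
    """List resource ids for a user. A context narrows the result, never widens it."""
    allowed = directory.tenants_of(user)
    if context is not None:
        # A context the user does not belong to is rejected, not silently ignored.
        if context not in allowed:
            raise PermissionError(f"{user} is not part of {context}")
        allowed = {context}
    return [r.resource_id for r in resources if r.owner in allowed]


# Constructed sample data: alice owns a pet server and is a member of "acme".
DIRECTORY = Directory({"acme": {"alice", "bob"}})
RESOURCES = [
    Resource("pet-server", "user:alice"),
    Resource("acme-db", "org:acme"),
    Resource("other-db", "org:other"),
]

if __name__ == "__main__":
    print(visible(DIRECTORY, "alice", RESOURCES))                # all alice may see
    print(visible(DIRECTORY, "alice", RESOURCES, "user:alice"))  # personal context only
```

Here the context is only a filter applied after the membership check, so passing or omitting it cannot grant access the user would not otherwise have.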



