[teiid-designer-dev] Security nomenclature
Steven Hawkins
shawkins at redhat.com
Wed Aug 11 11:16:53 EDT 2010
So we'll update the .xsd to "data-role" and update the docs/config to remove the term entitlements.
----- Original Message -----
From: "Barry Lafond" <blafond at redhat.com>
Cc: "teiid-designer-dev" <teiid-designer-dev at lists.jboss.org>
Sent: Tuesday, August 10, 2010 1:38:02 PM GMT -06:00 US/Canada Central
Subject: Re: [teiid-designer-dev] Security nomenclature
May I propose the following:
VDB Data Roles - Note that these are Teiid and VDB specific. The Data Role modeling is done in a VDB, not outside the VDB.
Data Role - Contains name, permissions and a list of mapped role names
Permission - (User never sees this in Designer, only the standard CRUD values in a check-box tree-table)
Mapped Role Names - the list of server-side/admin roles that the VDB Data Role should be made available to.
I'm OK with changing "data-policy" to "data-role" in the vdb-deployer.xsd. That's just a name change.
I'd rather not change the Permission structure.
Barry
----- Original Message -----
From: "Steven Hawkins" <shawkins at redhat.com>
To: "teiid-designer-dev" <teiid-designer-dev at lists.jboss.org>, "teiid-dev" <teiid-dev at lists.jboss.org>
Sent: Monday, August 9, 2010 1:38:38 PM GMT -06:00 US/Canada Central
Subject: [teiid-designer-dev] Security nomenclature
Hello all,
We should ensure that we have similar names for security concepts in Teiid/Designer/Docs. Here's where we are coming from:
MetaMatirx pre-5.5
entitlements - general term for applying CRUD permissions to a VDB.
entitlement - a named set of permissions and principles
data-policy - internal name for the permission collection of an entitlement. Internally these were referenced as policies in a system that resembled JAAS.
permission - an action and target
principle - a user or group identified by a unique name.
MetaMatrix 5.5
data roles - general term for applying CRUD permissions to a VDB, although the term "entitlements" was still in use in many places.
data role - a named set of permissions and groups - note that this was a restriction of the possible principles to only groups.
permission - same as before
Teiid Current
same as 5.5.
Moving forward I would propose purging the terms entitlement/entitlements. We should also correct the vdb-deployer.xsd so that data-policy becomes data-role. Optionally we could also consider converting the permission element children to attributes to condense the information a little. These would be a breaking changes, but should be done before the Designer feature is in place.
Steve
_______________________________________________
teiid-designer-dev mailing list
teiid-designer-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/teiid-designer-dev
_______________________________________________
teiid-designer-dev mailing list
teiid-designer-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/teiid-designer-dev
More information about the teiid-designer-dev
mailing list