<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Verdana; font-size: 12pt; color: #000000'>May I propose the following:<br><br><span style="font-weight: bold;">VDB Data Roles</span> - Note that these are Teiid and VDB specific. The Data Role modeling is done in a VDB, not outside the VDB.<br><span style="font-weight: bold;">Data Role</span> - Contains name, permissions and a list of mapped role names<br><span style="font-weight: bold;">Permission</span> - (User never sees this in Designer, only the standard CRUD values in a check-box tree-table)<br><span style="font-weight: bold;">Mapped Role Names</span> - the list of server-side/admin roles that the VDB Data Role should be made available to.<br><br>I'm OK with changing "data-policy" to "data-role" in the vdb-deployer.xsd. That's just a name change.<br><br>I'd rather not change the Permission structure.<br><br>Barry<br><br>----- Original Message -----<br>From: "Steven Hawkins" <shawkins@redhat.com><br>To: "teiid-designer-dev" <teiid-designer-dev@lists.jboss.org>, "teiid-dev" <teiid-dev@lists.jboss.org><br>Sent: Monday, August 9, 2010 1:38:38 PM GMT -06:00 US/Canada Central<br>Subject: [teiid-designer-dev] Security nomenclature<br><br>Hello all,<br><br>We should ensure that we have similar names for security concepts in Teiid/Designer/Docs. Here's where we are coming from:<br><br>MetaMatirx pre-5.5<br><br>entitlements - general term for applying CRUD permissions to a VDB.<br>entitlement - a named set of permissions and principles<br>data-policy - internal name for the permission collection of an entitlement. Internally these were referenced as policies in a system that resembled JAAS.<br>permission - an action and target<br>principle - a user or group identified by a unique name.<br><br>MetaMatrix 5.5<br><br>data roles - general term for applying CRUD permissions to a VDB, although the term "entitlements" was still in use in many places.<br>data role - a named set of permissions and groups - note that this was a restriction of the possible principles to only groups.<br>permission - same as before<br><br>Teiid Current<br><br>same as 5.5.<br><br>Moving forward I would propose purging the terms entitlement/entitlements. We should also correct the vdb-deployer.xsd so that data-policy becomes data-role. Optionally we could also consider converting the permission element children to attributes to condense the information a little. These would be a breaking changes, but should be done before the Designer feature is in place.<br><br>Steve<br>_______________________________________________<br>teiid-designer-dev mailing list<br>teiid-designer-dev@lists.jboss.org<br>https://lists.jboss.org/mailman/listinfo/teiid-designer-dev<br></div></body></html>