Hi,
One possible solution is to have "users" and
"organizations", a la
Github. Users can be part of zero or more organizations and
organizations have one or more members. Data (git repos or resources)
belongs to either an user or an organization.
I think I like this idea.
- ->
http://user:password@hawkular/resource/{resourceId}/metrics
all metrics for this specific resource, if the resource belongs to
the user or to an organization where the user is a member of
How would we model the user / org stuff? Well, that could probably
just become a part of inventory
Question is though: if a user has his own pet server and works as
part of an org. Do we want to prevent "leaking" org data to the private
project? Or is that purely up to the user?
For this scenario, I think the UI could be built with a
"context
switcher". This way, the user would have access to a dashboard with
resources from his main account and could switch to a dashboard with
resources from an organization. The backend, though, would not have
such a notion of "context". Either the user has access to the resource
or not (via the main account or via an organization).
Wouldn't the backend still need to know the context - and if only for
performance reason when the user wants to only see his personal resources?
The main disadvantage of this is that we have to also care about the
authorization, as we cannot rely on permission data coming from Keycloak.
Well, I guess a good deal of authorization needs to be done in some custom
code anyway and would not be covered by stock-JAAS, so it may not be that bad.
Heiko