May I propose the following:
VDB Data Roles - Note that these are Teiid and VDB specific. The Data Role modeling is
done in a VDB, not outside the VDB.
Data Role - Contains name, permissions and a list of mapped role names
Permission - (User never sees this in Designer, only the standard CRUD values in a
check-box tree-table)
Mapped Role Names - the list of server-side/admin roles that the VDB Data Role should be
made available to.
I'm OK with changing "data-policy" to "data-role" in the
vdb-deployer.xsd. That's just a name change.
I'd rather not change the Permission structure.
Barry
----- Original Message -----
From: "Steven Hawkins" <shawkins(a)redhat.com>
To: "teiid-designer-dev" <teiid-designer-dev(a)lists.jboss.org>,
"teiid-dev" <teiid-dev(a)lists.jboss.org>
Sent: Monday, August 9, 2010 1:38:38 PM GMT -06:00 US/Canada Central
Subject: [teiid-designer-dev] Security nomenclature
Hello all,
We should ensure that we have similar names for security concepts in Teiid/Designer/Docs.
Here's where we are coming from:
MetaMatirx pre-5.5
entitlements - general term for applying CRUD permissions to a VDB.
entitlement - a named set of permissions and principles
data-policy - internal name for the permission collection of an entitlement. Internally
these were referenced as policies in a system that resembled JAAS.
permission - an action and target
principle - a user or group identified by a unique name.
MetaMatrix 5.5
data roles - general term for applying CRUD permissions to a VDB, although the term
"entitlements" was still in use in many places.
data role - a named set of permissions and groups - note that this was a restriction of
the possible principles to only groups.
permission - same as before
Teiid Current
same as 5.5.
Moving forward I would propose purging the terms entitlement/entitlements. We should also
correct the vdb-deployer.xsd so that data-policy becomes data-role. Optionally we could
also consider converting the permission element children to attributes to condense the
information a little. These would be a breaking changes, but should be done before the
Designer feature is in place.
Steve
_______________________________________________
teiid-designer-dev mailing list
teiid-designer-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/teiid-designer-dev