1:38 p.m.
Hello all,
We should ensure that we have similar names for security concepts in Teiid/Designer/Docs.
Here's where we are coming from:
MetaMatirx pre-5.5
entitlements - general term for applying CRUD permissions to a VDB.
entitlement - a named set of permissions and principles
data-policy - internal name for the permission collection of an entitlement. Internally
these were referenced as policies in a system that resembled JAAS.
permission - an action and target
principle - a user or group identified by a unique name.
MetaMatrix 5.5
data roles - general term for applying CRUD permissions to a VDB, although the term
"entitlements" was still in use in many places.
data role - a named set of permissions and groups - note that this was a restriction of
the possible principles to only groups.
permission - same as before
Teiid Current
same as 5.5.
Moving forward I would propose purging the terms entitlement/entitlements. We should also
correct the vdb-deployer.xsd so that data-policy becomes data-role. Optionally we could
also consider converting the permission element children to attributes to condense the
information a little. These would be a breaking changes, but should be done before the
Designer feature is in place.
Steve
1:23 p.m.
New subject: [teiid-dev] Security nomenclature
On Mon, 2010-08-09 at 14:38 -0400, Steven Hawkins wrote:
Moving forward I would propose purging the terms
entitlement/entitlements. We should also correct the vdb-deployer.xsd
so that data-policy becomes data-role.
The "data-policy" element also has the "mapped-role-name", I thought
calling "data-role" would be confusing, so I called it "data-policy".
Either is fine with me.
Ramesh..
1:38 p.m.
May I propose the following:
VDB Data Roles - Note that these are Teiid and VDB specific. The Data Role modeling is
done in a VDB, not outside the VDB.
Data Role - Contains name, permissions and a list of mapped role names
Permission - (User never sees this in Designer, only the standard CRUD values in a
check-box tree-table)
Mapped Role Names - the list of server-side/admin roles that the VDB Data Role should be
made available to.
I'm OK with changing "data-policy" to "data-role" in the
vdb-deployer.xsd. That's just a name change.
I'd rather not change the Permission structure.
Barry
----- Original Message -----
From: "Steven Hawkins" <shawkins(a)redhat.com>
To: "teiid-designer-dev" <teiid-designer-dev(a)lists.jboss.org>,
"teiid-dev" <teiid-dev(a)lists.jboss.org>
Sent: Monday, August 9, 2010 1:38:38 PM GMT -06:00 US/Canada Central
Subject: [teiid-designer-dev] Security nomenclature
Hello all,
We should ensure that we have similar names for security concepts in Teiid/Designer/Docs.
Here's where we are coming from:
MetaMatirx pre-5.5
entitlements - general term for applying CRUD permissions to a VDB.
entitlement - a named set of permissions and principles
data-policy - internal name for the permission collection of an entitlement. Internally
these were referenced as policies in a system that resembled JAAS.
permission - an action and target
principle - a user or group identified by a unique name.
MetaMatrix 5.5
data roles - general term for applying CRUD permissions to a VDB, although the term
"entitlements" was still in use in many places.
data role - a named set of permissions and groups - note that this was a restriction of
the possible principles to only groups.
permission - same as before
Teiid Current
same as 5.5.
Moving forward I would propose purging the terms entitlement/entitlements. We should also
correct the vdb-deployer.xsd so that data-policy becomes data-role. Optionally we could
also consider converting the permission element children to attributes to condense the
information a little. These would be a breaking changes, but should be done before the
Designer feature is in place.
Steve
_______________________________________________
teiid-designer-dev mailing list
teiid-designer-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/teiid-designer-dev
10:16 a.m.
So we'll update the .xsd to "data-role" and update the docs/config to remove
the term entitlements.
----- Original Message -----
From: "Barry Lafond" <blafond(a)redhat.com>
Cc: "teiid-designer-dev" <teiid-designer-dev(a)lists.jboss.org>
Sent: Tuesday, August 10, 2010 1:38:02 PM GMT -06:00 US/Canada Central
Subject: Re: [teiid-designer-dev] Security nomenclature
May I propose the following:
VDB Data Roles - Note that these are Teiid and VDB specific. The Data Role modeling is
done in a VDB, not outside the VDB.
Data Role - Contains name, permissions and a list of mapped role names
Permission - (User never sees this in Designer, only the standard CRUD values in a
check-box tree-table)
Mapped Role Names - the list of server-side/admin roles that the VDB Data Role should be
made available to.
I'm OK with changing "data-policy" to "data-role" in the
vdb-deployer.xsd. That's just a name change.
I'd rather not change the Permission structure.
Barry
----- Original Message -----
From: "Steven Hawkins" <shawkins(a)redhat.com>
To: "teiid-designer-dev" <teiid-designer-dev(a)lists.jboss.org>,
"teiid-dev" <teiid-dev(a)lists.jboss.org>
Sent: Monday, August 9, 2010 1:38:38 PM GMT -06:00 US/Canada Central
Subject: [teiid-designer-dev] Security nomenclature
Hello all,
We should ensure that we have similar names for security concepts in Teiid/Designer/Docs.
Here's where we are coming from:
MetaMatirx pre-5.5
entitlements - general term for applying CRUD permissions to a VDB.
entitlement - a named set of permissions and principles
data-policy - internal name for the permission collection of an entitlement. Internally
these were referenced as policies in a system that resembled JAAS.
permission - an action and target
principle - a user or group identified by a unique name.
MetaMatrix 5.5
data roles - general term for applying CRUD permissions to a VDB, although the term
"entitlements" was still in use in many places.
data role - a named set of permissions and groups - note that this was a restriction of
the possible principles to only groups.
permission - same as before
Teiid Current
same as 5.5.
Moving forward I would propose purging the terms entitlement/entitlements. We should also
correct the vdb-deployer.xsd so that data-policy becomes data-role. Optionally we could
also consider converting the permission element children to attributes to condense the
information a little. These would be a breaking changes, but should be done before the
Designer feature is in place.
Steve
_______________________________________________
teiid-designer-dev mailing list
teiid-designer-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/teiid-designer-dev
_______________________________________________
teiid-designer-dev mailing list
teiid-designer-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/teiid-designer-dev
5265
days inactive
5267
days old
teiid-designer-dev@lists.jboss.org
4 comments
4 participants
participants (4)
-
Barry Lafond -
John Verhaeg -
Ramesh Reddy -
Steven Hawkins