Re: [teiid-dev] Defining Data Roles
On Mon, 2010-02-08 at 11:55 -0500, Ken Johnson wrote:
> No, the role references will be created in the Designer, and
those
> references will be mapped to actual roles in the JON/JOPR. In the
> absence of this mapping, runtime will try to use the reference name
as
> actual name. This will help us through testing at design time with
out
> use of another tool to configure these details.
>
It might be useful for this to be configurable behavior. In dev,
perhaps you want to run without security and no-mapping scenarios
should
be ignored or defaulted. In test/prod, you may want an error if a
role
reference is not explicitly mapped.
Good point, will take this into account.
> Creation of a user or creation of role is not the functionality of
this
> module, those should be handled by who ever handles security
domains.
> Currently I do not see this in the JOPR tool, that is something we
need
> to open a dialog with JOPR team and see where this is on their
roadmap.
>
The question is who "owns" the group-role and role->reference mapping
information, from both a UI and persistence perspective.
Currently general security is container's functionality through
picketlink project. So, in general we would like this functionality
container wide. As per the specific VDB data role mapping Teiid would
own it.
Ramesh..