[teiid-dev] Security nomenclature
Steven Hawkins
shawkins at redhat.com
Mon Aug 9 14:38:38 EDT 2010
Hello all,
We should ensure that we have similar names for security concepts in Teiid/Designer/Docs. Here's where we are coming from:
MetaMatirx pre-5.5
entitlements - general term for applying CRUD permissions to a VDB.
entitlement - a named set of permissions and principles
data-policy - internal name for the permission collection of an entitlement. Internally these were referenced as policies in a system that resembled JAAS.
permission - an action and target
principle - a user or group identified by a unique name.
MetaMatrix 5.5
data roles - general term for applying CRUD permissions to a VDB, although the term "entitlements" was still in use in many places.
data role - a named set of permissions and groups - note that this was a restriction of the possible principles to only groups.
permission - same as before
Teiid Current
same as 5.5.
Moving forward I would propose purging the terms entitlement/entitlements. We should also correct the vdb-deployer.xsd so that data-policy becomes data-role. Optionally we could also consider converting the permission element children to attributes to condense the information a little. These would be a breaking changes, but should be done before the Designer feature is in place.
Steve
More information about the teiid-dev
mailing list