You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@vcl.apache.org by Josh Thompson <jo...@ncsu.edu> on 2010/11/03 18:59:18 UTC
add manageMapping resource attribute to control resource mapping
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'd like to add a new resource attribute for the resource group section of the
privileges that would be used to control access to mapping resources. As
things are now (using images/computers as an example), a user must have these
rights at a node with corresponding resource groups attributes to control
image group to computer group mapping:
user: imageAdmin
resource: image group: manageGroup
user: computerAdmin
resource: computer group: manageGroup
However, this also grants the user access to control which images are in the
image group and to control which computers are in the computer group.
I'd like to add a new resource attribute that is called manageMapping that
would allow access to resource mapping to be controlled separately from
resource grouping. The benefit of this is that fewer computer groups can be
used. Currently, if you want someone to be able to create their own image
groups and map them to computer groups, then you have to create duplicate
computer groups if you want to make sure they don't have access to remove
computers from existing computer groups (which could end up making a computer
unavailable because it might not be in any computer groups).
Using this new attribute would make the above look like this:
user: imageAdmin
resource: image group: manageMapping
user: computerAdmin
resource: computer group: manageMapping
and would not result in the user being able to control which images were in
the image group and which computers were in the computer group.
I'd like to hear feedback from the community on this to see what others think.
Thanks,
Josh
- --
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iEYEARECAAYFAkzRovoACgkQV/LQcNdtPQMfSwCdEWoRgdlYeBN1RFs/84XE4FV0
XOEAn3Mif3ZbzNAHHv7vqv52h8JiQsPx
=5Ir8
-----END PGP SIGNATURE-----
Re: add manageMapping resource attribute to control resource mapping
Posted by Alexander Patterson <al...@csueastbay.edu>.
I think this is a great idea and would be a welcome change to VCL. I'm sure
we would use this for professors who want to manage their own groups and not
have full privileges.
-Alex
+1
On Thu, Nov 4, 2010 at 5:35 AM, Waldron, Michael H
<mw...@email.unc.edu>wrote:
> Josh,
>
> I like your idea. It's always good to be able to give out only as much
> privilege as necessary.
>
> Mike
>
> Mike Waldron
> Systems Specialist
> ITS Research Computing
> University of North Carolina at Chapel Hill
> CB 3420, ITS Manning, Rm 2509
> 919-962-9778
>
>
> -----Original Message-----
> From: Josh Thompson [mailto:josh_thompson@ncsu.edu]
> Sent: Wednesday, November 03, 2010 1:59 PM
> To: vcl-dev@incubator.apache.org
> Subject: add manageMapping resource attribute to control resource mapping
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'd like to add a new resource attribute for the resource group section of
> the
> privileges that would be used to control access to mapping resources. As
> things are now (using images/computers as an example), a user must have
> these
> rights at a node with corresponding resource groups attributes to control
> image group to computer group mapping:
>
> user: imageAdmin
> resource: image group: manageGroup
> user: computerAdmin
> resource: computer group: manageGroup
>
> However, this also grants the user access to control which images are in
> the
> image group and to control which computers are in the computer group.
>
> I'd like to add a new resource attribute that is called manageMapping that
> would allow access to resource mapping to be controlled separately from
> resource grouping. The benefit of this is that fewer computer groups can
> be
> used. Currently, if you want someone to be able to create their own image
> groups and map them to computer groups, then you have to create duplicate
> computer groups if you want to make sure they don't have access to remove
> computers from existing computer groups (which could end up making a
> computer
> unavailable because it might not be in any computer groups).
>
> Using this new attribute would make the above look like this:
>
> user: imageAdmin
> resource: image group: manageMapping
> user: computerAdmin
> resource: computer group: manageMapping
>
> and would not result in the user being able to control which images were in
> the image group and which computers were in the computer group.
>
> I'd like to hear feedback from the community on this to see what others
> think.
>
> Thanks,
> Josh
> - --
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
>
> my GPG/PGP key can be found at pgp.mit.edu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
>
> iEYEARECAAYFAkzRovoACgkQV/LQcNdtPQMfSwCdEWoRgdlYeBN1RFs/84XE4FV0
> XOEAn3Mif3ZbzNAHHv7vqv52h8JiQsPx
> =5Ir8
> -----END PGP SIGNATURE-----
>
--
Thanks,
Alex Patterson
User Support Services
Operating System Analyst
California State University, East Bay
RE: add manageMapping resource attribute to control resource mapping
Posted by "Waldron, Michael H" <mw...@email.unc.edu>.
Josh,
I like your idea. It's always good to be able to give out only as much privilege as necessary.
Mike
Mike Waldron
Systems Specialist
ITS Research Computing
University of North Carolina at Chapel Hill
CB 3420, ITS Manning, Rm 2509
919-962-9778
-----Original Message-----
From: Josh Thompson [mailto:josh_thompson@ncsu.edu]
Sent: Wednesday, November 03, 2010 1:59 PM
To: vcl-dev@incubator.apache.org
Subject: add manageMapping resource attribute to control resource mapping
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'd like to add a new resource attribute for the resource group section of the
privileges that would be used to control access to mapping resources. As
things are now (using images/computers as an example), a user must have these
rights at a node with corresponding resource groups attributes to control
image group to computer group mapping:
user: imageAdmin
resource: image group: manageGroup
user: computerAdmin
resource: computer group: manageGroup
However, this also grants the user access to control which images are in the
image group and to control which computers are in the computer group.
I'd like to add a new resource attribute that is called manageMapping that
would allow access to resource mapping to be controlled separately from
resource grouping. The benefit of this is that fewer computer groups can be
used. Currently, if you want someone to be able to create their own image
groups and map them to computer groups, then you have to create duplicate
computer groups if you want to make sure they don't have access to remove
computers from existing computer groups (which could end up making a computer
unavailable because it might not be in any computer groups).
Using this new attribute would make the above look like this:
user: imageAdmin
resource: image group: manageMapping
user: computerAdmin
resource: computer group: manageMapping
and would not result in the user being able to control which images were in
the image group and which computers were in the computer group.
I'd like to hear feedback from the community on this to see what others think.
Thanks,
Josh
- --
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iEYEARECAAYFAkzRovoACgkQV/LQcNdtPQMfSwCdEWoRgdlYeBN1RFs/84XE4FV0
XOEAn3Mif3ZbzNAHHv7vqv52h8JiQsPx
=5Ir8
-----END PGP SIGNATURE-----
Re: add manageMapping resource attribute to control resource mapping
Posted by "Creech, David" <CR...@ecu.edu>.
I definitely think this is a great idea. Gives the faculty/staff members
more privileges but not *too* many privileges that they can cause other
issues.
David Creech
Technology Support Specialist
Computer Lab Coordinator
ITCS - Academic Computing
Austin Building - 102
East Carolina University
252-328-9544
creechd@ecu.edu
On 11/3/10 1:59 PM, "Josh Thompson" <jo...@ncsu.edu> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I'd like to add a new resource attribute for the resource group section
>of the
>privileges that would be used to control access to mapping resources. As
>things are now (using images/computers as an example), a user must have
>these
>rights at a node with corresponding resource groups attributes to control
>image group to computer group mapping:
>
>user: imageAdmin
>resource: image group: manageGroup
>user: computerAdmin
>resource: computer group: manageGroup
>
>However, this also grants the user access to control which images are in
>the
>image group and to control which computers are in the computer group.
>
>I'd like to add a new resource attribute that is called manageMapping
>that
>would allow access to resource mapping to be controlled separately from
>resource grouping. The benefit of this is that fewer computer groups can
>be
>used. Currently, if you want someone to be able to create their own
>image
>groups and map them to computer groups, then you have to create duplicate
>computer groups if you want to make sure they don't have access to remove
>computers from existing computer groups (which could end up making a
>computer
>unavailable because it might not be in any computer groups).
>
>Using this new attribute would make the above look like this:
>
>user: imageAdmin
>resource: image group: manageMapping
>user: computerAdmin
>resource: computer group: manageMapping
>
>and would not result in the user being able to control which images were
>in
>the image group and which computers were in the computer group.
>
>I'd like to hear feedback from the community on this to see what others
>think.
>
>Thanks,
>Josh
>- --
>- -------------------------------
>Josh Thompson
>VCL Developer
>North Carolina State University
>
>my GPG/PGP key can be found at pgp.mit.edu
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v2.0.16 (GNU/Linux)
>
>iEYEARECAAYFAkzRovoACgkQV/LQcNdtPQMfSwCdEWoRgdlYeBN1RFs/84XE4FV0
>XOEAn3Mif3ZbzNAHHv7vqv52h8JiQsPx
>=5Ir8
>-----END PGP SIGNATURE-----