[katello-devel] Four default roles
Brad Buckingham
bbuckingham at redhat.com
Fri Jul 1 13:28:33 UTC 2011
On 07/01/2011 08:23 AM, Lukas Zapletal wrote:
> On 07/01/2011 02:15 PM, Todd B Sanders wrote:
>>
>> Not sure I follow this user or role, can you elaborate?
>
> Sure, Anonymous role and anonymous user is just a technical thing.
> When user is logged out he still needs to see notifications ("You have
> been logged out" or "Invalid username or password").
>
> I could add special rules to all the places where authorization must
> be bypassed, or I could add special "nobody" role that is always used
> when there is no user (no session was created yet). I took the latter
> approach - it also allows us to define "public" parts of the Katello
> which are available without any credentials (if we want to).
>
>> Are these roles going to be populated in the DB upon initial install by
>> an end user? If so, then we should hide internal-use roles (i.e.
>> Candlepin) if they are required for system operation. Otherwise,
>> accidental deletion is an issue.
>
> Good point. Maybe we could create "system" or "hidden" flag, hide them
> all from the UI and use this one for self-roles as well. Brad do you
> think it is feasible?
>
> LZ
>
Lukas,
Thanks for the enhancements.
It is definitely feasible. Unless anyone objects, I can enhance katello
to support hiding internal roles.
Right now, it seems we have the following types of roles:
- user defined (e.g. created in Roles UI)
- self-role - internally created/destroyed, but permissions CRUD
supported through user
- internal role - roles needed by katello to support things like candlepin
Do we also envision a need in the future for an internal role (one that
is created/destroyed by katello (not the user)) and that should be
viewable from the Role UI (read-only)?
thanks,
Brad
More information about the katello-devel
mailing list