[katello-devel] Four default roles

Brad Buckingham bbuckingham at redhat.com
Fri Jul 1 13:28:33 UTC 2011


On 07/01/2011 08:23 AM, Lukas Zapletal wrote:
> On 07/01/2011 02:15 PM, Todd B Sanders wrote:
>>
>> Not sure I follow this user or role, can you elaborate?
>
> Sure, the Anonymous role and anonymous user are just a technical thing. 
> When a user is logged out he still needs to see notifications ("You have 
> been logged out" or "Invalid username or password").
>
> I could add special rules to all the places where authorization must 
> be bypassed, or I could add a special "nobody" role that is always used 
> when there is no user (no session was created yet). I took the latter 
> approach - it also allows us to define "public" parts of 
> Katello which are available without any credentials (if we want to).
>
>> Are these roles going to be populated in the DB upon initial install by
>> an end user?  If so, then we should hide internal-use roles (i.e.
>> Candlepin) if they are required for system operation.  Otherwise,
>> accidental deletion is an issue.
>
> Good point. Maybe we could create a "system" or "hidden" flag, hide them 
> all from the UI and use this one for self-roles as well. Brad, do you 
> think it is feasible?
>
> LZ
>
Lukas,

Thanks for the enhancements.

It is definitely feasible.  Unless anyone objects, I can enhance katello 
to support hiding internal roles.

Right now, it seems we have the following types of roles:
- user defined (e.g. created in Roles UI)
- self-role - internally created/destroyed, but permissions CRUD 
supported through user
- internal role - roles needed by katello to support things like candlepin

Do we also envision a need in the future for an internal role (one that 
is created/destroyed by katello (not the user)) and that should be 
viewable from the Role UI (read-only)?

thanks,
Brad
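
The role types discussed in this thread, as an added Ruby sketch that is not part of the original messages and is not Katello code: an anonymous fallback role when there is no user, a hidden flag that keeps internal roles and self-roles out of the role list, and deletion protection for them. Role, RoleStore, User, the kind values and the permission strings are all hypothetical names, and the seed data is constructed.

```ruby
# Added sketch: Role, RoleStore, User and the kind values are hypothetical names.
Role = Struct.new(:name, :kind, :permissions) do
  # The "hidden" flag from the thread, derived from kind:
  # internal roles and self-roles stay out of the Roles UI.
  def hidden?
    kind != :user_defined
  end
end
User = Struct.new(:role_names)

class RoleStore
  class ProtectedRole < StandardError; end

  def initialize
    @roles = {}
    # Constructed seed data standing in for roles populated at install time.
    add(Role.new("anonymous", :internal, ["notices:read"]))
    add(Role.new("candlepin", :internal, ["subscriptions:manage"]))
  end

  def add(role)
    @roles[role.name] = role
  end

  # What a Roles UI would list.
  def visible_roles
    @roles.values.reject(&:hidden?)
  end

  # Users may destroy only user-defined roles; the system may destroy any.
  def destroy(name, by_system: false)
    role = @roles.fetch(name)
    raise ProtectedRole, "#{name} is system-managed" if role.hidden? && !by_system
    @roles.delete(name)
  end

  # Self-role permissions stay editable by the user; internal ones do not.
  def update_permissions(name, permissions)
    role = @roles.fetch(name)
    raise ProtectedRole, "#{name} is internal" if role.kind == :internal
    role.permissions = permissions
  end

  # No user (no session yet) falls back to the anonymous role;
  # everything else is default-deny.
  def allowed?(user, permission)
    names = user.nil? ? ["anonymous"] : user.role_names
    names.any? { |n| @roles[n] && @roles[n].permissions.include?(permission) }
  end
end
```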



