[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Ovirt-devel] [PATCH 4/6] hardware_pool: search by path



David Lutterkort wrote:
On Tue, 2008-08-26 at 10:11 -0400, Scott Seago wrote:
I'm assuming the path-based pool lookup is just an alternate method of getting this from your API, as the id-based ones will all still work. I just realized that full path-based lookup will only work for users that have read permissions on the whole hierarchy. A user with lower-level permissions only (i.e. only read permissions for pools under '/default/engineering/qa' and write permissions for subpools below that) won't even see the top level pool.

I think that permissioning scheme is fundamentally flawed; at the very
least, any user that has permission on some pool should at least be
allowed to know about the existence of pools above "their" pools - they
may not be able to view any info about them, but at the very least, they
should know that they are there.

Not necessarily. Consider the cloud computing model... The admins might know about the fact that there are hardware pools, but should a user of a VM even know that there is such a thing as a hardware pool? To them the hardware pools should be completely hidden in the UI, including the tree view.

Perry


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]