[RFC] Changing the authorization level for /system and /model

frenchyan
Administrator
Currently the level of authorization for /system (changing which one is the current system model or editing it) and /model (uploading a new model) is "admin".

One issue that popped up at the LinkedIn focus group is the fact that in order to load a model you need to be admin, and as a result you have access to everything, including the encryption layer or adding/removing users.

It seems that /system and /model should be RELEASE instead of ADMIN.

I would also like to make that entirely configurable (meaning outside the war file) so that it can be tweaked without having to build the code.

Any feedback?

Thanks
Tan

Re: [RFC] Changing the authorization level for /system and /model

elutfallah
We definitely like the fact that the release user can't change the model. That way, we have people that can execute approved changes but can't make changes to the model.

Maybe another user type in between release and admin?

It would be nice if you define all the functions that a user can perform and allow for selection per user. Something like:

[] execute plan
[] modify system
[] modify model
[] modify users
[] modify fabrics
[] modify keys
[] archive plans
[] upgrade agents

and so on.
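
The per-function selection suggested in this thread, sketched as an added example (not part of the original posts and not the project's own code). It assumes a JSON config file kept outside the war; the file layout, the user names and the /plan and /user paths are hypothetical, while the permission names are the checkbox items above.

```python
import json

# Permission names are the checkbox items from the thread.
KNOWN = {"execute plan", "modify system", "modify model", "modify users",
         "modify fabrics", "modify keys", "archive plans", "upgrade agents"}

# Constructed sample of an external config file (kept outside the war).
# The JSON layout, user names and the /plan and /user paths are assumptions.
SAMPLE = """
{"endpoints": {"/system": "modify system", "/model": "modify model",
               "/plan": "execute plan", "/user": "modify users"},
 "users": {"releaser": ["execute plan"],
           "modeler": ["execute plan", "modify system", "modify model"],
           "admin": ["execute plan", "modify system", "modify model",
                     "modify users", "modify keys"]}}
"""

def load_config(text):
    """Parse the config and reject unknown permission names (fail closed on typos)."""
    cfg = json.loads(text)
    used = set(cfg["endpoints"].values())
    for perms in cfg["users"].values():
        used.update(perms)
    unknown = used - KNOWN
    if unknown:
        raise ValueError("unknown permissions: %s" % sorted(unknown))
    return cfg

def is_allowed(cfg, user, path):
    """Default deny: unmapped paths and unknown users get no access."""
    required = cfg["endpoints"].get(path)
    if required is None:
        return False
    return required in cfg["users"].get(user, [])

def level_allows(user_level, required_level, order=("RELEASE", "ADMIN")):
    """Single-level scheme from the first post (ordering assumed: ADMIN includes RELEASE)."""
    return order.index(user_level) >= order.index(required_level)

if __name__ == "__main__":
    cfg = load_config(SAMPLE)
    for user in cfg["users"]:
        print(user, {p: is_allowed(cfg, user, p) for p in cfg["endpoints"]})
```

Here the "modeler" user can reach /model and /system without being able to touch users or keys, and "releaser" keeps the property the reply asks for: executing plans without being able to change the model.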