
On Tue, Aug 04, 2015 at 05:01:26PM +0200, Jiri Denemark wrote:
Creating ACL rules is not exactly easy and existing examples are pretty simple. This patch adds a somewhat complex example which defines three roles (user, operator, admin) with different permissions.
+/* Basic operations and monitoring. */ +var user = new Role("user"); +user.users = ["user1", "user2", "user3"]; +user.groups = ["group1", "group2"]; + +/* Same as users plus some privileged operations. */ +var operator = new Role("operator"); +operator.users = ["powerUser1", "powerUser2"]; +operator.groups = ["powerGroup1", "powerGroup2", "powerGroup3"]; + +/* Full access. */ +var admin = new Role("admin"); +admin.users = ["adminUser1"]; +admin.groups = ["adminGroup1"];
What is the aim in differentiating operator vs admin ?
+operator.actions = [ + "domain.delete", + "domain.migrate", + "domain.read-secure", + "domain.write",
Once you give out domain.write (or any other $object.write) to the operator, it is pretty much game over for security - they'd be able to elevate privileges to admin without any real trouble.
+ "network.delete", + "network.getattr", + "network.read", + "network.save", + "network.start", + "network.stop", + "network.write", + "nwfilter.delete", + "nwfilter.getattr", + "nwfilter.read", + "nwfilter.save", + "nwfilter.write", + "secret.delete", + "secret.getattr", + "secret.read", + "secret.read-secure", + "secret.save", + "secret.write", + "storage-pool.refresh", + "storage-vol.create", + "storage-vol.data-read", + "storage-vol.data-write", + "storage-vol.delete", + "storage-vol.format", + "storage-vol.getattr", + "storage-vol.read", + "storage-vol.resize" +];
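Review bot: the concern raised above about `domain.write` applies to several more entries in this hunk: the operator also receives `network.write`, `nwfilter.write`, `secret.write`, `secret.read-secure` and `storage-vol.data-write`, i.e. the ability to redefine networks and filters, read and replace secret values and write raw volume contents, which leaves very little that only "admin" can do. Either trim the operator list to the non-write actions (`*.getattr`, `*.read`, `*.start`, `*.stop`, `storage-pool.refresh` and the like) or add a comment to the example stating that "operator" is intended to be almost as trusted as "admin", so that readers do not copy the file expecting it to provide a real privilege boundary.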
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
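As an added example that is not part of this thread or of libvirt's own polkit rules, the following JavaScript models the role objects from the patch and adds a small lint for the point raised in the review: a non-admin role holding `$object.write` (and, by this example's own assumption, `*.data-write` and `secret.read-secure`) erases the operator/admin boundary. The `Role` class, the user/group/action lists and the `"*"` wildcard for admin are constructed here, not taken from the patch.

```javascript
// Added example, not code from the patch or from libvirt: a small model of the
// role objects in the patch plus a lint for the escalation Daniel points out.
// User/group/action lists are constructed sample data; "*" for admin is assumed.
class Role {
  constructor(name, users, groups, actions) {
    Object.assign(this, { name, users, groups, actions });
  }
  // Does a subject (user name plus its group list) belong to this role?
  matches(user, groups) {
    return this.users.includes(user) || groups.some((g) => this.groups.includes(g));
  }
}

const ROLES = [
  new Role("user", ["user1", "user2", "user3"], ["group1", "group2"],
    ["domain.getattr", "domain.read", "domain.start", "domain.stop"]),
  new Role("operator", ["powerUser1", "powerUser2"], ["powerGroup1", "powerGroup2"],
    ["domain.delete", "domain.migrate", "domain.read-secure", "domain.write",
     "network.read", "storage-vol.data-write"]),
  new Role("admin", ["adminUser1"], ["adminGroup1"], ["*"]),
];

// Decision: is `action` (e.g. "domain.write") allowed for this subject?
function isAllowed(action, userName, groups, roles = ROLES) {
  return roles.some((r) => r.matches(userName, groups) &&
    (r.actions.includes("*") || r.actions.includes(action)));
}

// Actions that let the holder rewrite object definitions or raw contents.
// `$object.write` is the case raised in the review; the other two patterns
// are this example's own assumption about comparably dangerous grants.
const ESCALATING = [/\.write$/, /\.data-write$/, /^secret\.read-secure$/];

// List every escalating action held by a role other than `adminName`.
function lintRoles(roles = ROLES, adminName = "admin") {
  const findings = [];
  for (const r of roles) {
    if (r.name === adminName) continue;
    for (const a of r.actions) {
      if (ESCALATING.some((re) => re.test(a))) findings.push(`${r.name}: ${a}`);
    }
  }
  return findings;
}

// Worked check: the operator role from the patch trips the lint twice.
console.log(lintRoles());
```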