Dynamic product features according to tenants #18100
Comments
lpichler
changed the title
|
Little concerned about relying upon Is there an alternative way to populating these tables that does not rely upon seed? |
|
@lpichler This is a really tricky problem Libor Is it possible to come up with a different RBAC rule to say you have privileges only below you (and not including you?) Although, our privileges tend to be per model, and I'm not sure how this will integrate here |
I need to think about it but maybe it is already accomplished now -(1a) seeding is done here just for populating data for existing tenants (what it is needed for upgrade) other populating data are tied with tenant creation. (1a) so as you are saying
2a) This comment is related to your comment 1) or are your referring to something new ? please clarify to me this first to avoid misunderstanding and we can continue with discussion |
I wonder if it makes sense to come up Not sure if this would work (from a business perspective) but doesn't seem too hard from a technological perspective. And it would simplify the ui / remove the need to add any of the per tenant records/privileges. |
|
This issue has been automatically marked as stale because it has not been updated for at least 6 months. If you can still reproduce this issue on the current release or on Thank you for all your contributions! |
|
@lpichler this is a little stale. If we provided the child down access - would that resolve the need to have each provider in the features access list? |
|
I was never thrilled with the idea of having dynamic filters. Especially when it looked like a pure tenant scoping/nesting pattern |
It doesn't look to me like that we can do it with using any scoping because the request is to have possibility to set product feature for selected tenants. @kbrock does this cover your questions ? |
|
@lpichler I don't fully understand why it wouldn't work, but I'll trust your expertise. What more do we need to do with this PR? |
|
This issue has been automatically marked as stale because it has not been updated for at least 3 months. If you can still reproduce this issue on the current release or on Thank you for all your contributions! More information about the ManageIQ triage process can be found in the traige process documentation. |
|
@lpichler Can this be closed at this point? If not, please open a separate issue for the remaining work. Thx |
|
Yes it can be closed, I will review it and I will open issue if needed, maybe it could be simplified. |
Goal ⚽
We need to be able accomplish this request: "Enable this concrete product feature only for tenants X,Y in any user"
NOTE: product feature - is permission to allow user perform any operation like a add, edit, copy, delete, ...
New names
Tenant Root Feature
Dynamic Tenant Product Feature
How 💡
We have user's roles and we have defined tree of product features independently on tenants.
This work is introducing dynamically defined product features according to tenants.
Let's assume that we have this ability for product feature Edit Dialog - so it will dynamically generate subtree for this product feature:
Dynamic subtree is fully synchronised with tree of tenants for all stated tenant product features, when tenant is:
MiqProductFeature.seed)Implementation
Scenario
Users's role
user 1 cannot edit service dialog
user 2 can edit service dialog
How to use this feature
MiqProductFeature#TENANT_FEATURE_ROOT_IDENTIFIERSLinks
https://bugzilla.redhat.com/show_bug.cgi?id=1297415 (service dialogs)
https://bugzilla.redhat.com/show_bug.cgi?id=1468795 (tenant quotas)
PRs - sequence for merge
Add specs for tenant product feature in tree node manageiq-ui-classic#4780 (UI - icon)other usage
Additional Fixes
The text was updated successfully, but these errors were encountered: