...

How to set API permissions

What happens to commands.properties and the @APICommand(authorized=) annotation after the IAM feature is added? Nothing changes; they work as they used to.

  • Use commands.properties and the 'authorized' mechanism to specify who can invoke the API.
  • The IAM service reads these permissions from both inputs and loads them into the DB, so any change to the commands.properties file takes effect on a restart, as it used to.
  • However, remember that both of them allow setting permissions for CloudStack's default policies only (User/Resource Domain Admin/Domain Admins/Root Admin Policy).
  • Custom policies: While the IAM feature will support creating custom policies, the permissions for these custom policies need to be set separately using the IAM APIs.
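
To review which default policy each commands.properties entry ends up in before a restart loads it, the sketch below expands every role mask into the four default policies. It is an added example, not CloudStack code, and it assumes the bitmask from the header of the stock commands.properties (1 = Root Admin, 2 = Resource Domain Admin, 4 = Domain Admin, 8 = User); the sample entries and the helper names are constructed for illustration. Custom policies do not appear here because their permissions are set through the IAM APIs.

```python
# Added example (not CloudStack code): expand commands.properties role masks
# into the four default policies that the IAM service loads them into.
ROLE_BITS = {  # assumption: bit values from the stock commands.properties header
    1: "Root Admin",
    2: "Resource Domain Admin",
    4: "Domain Admin",
    8: "User",
}

# Constructed sample input; the masks and the last three names are illustrative.
SAMPLE = """\
### bitmap of permissions at the end of each line
listVirtualMachines=15
createAccount=7
destroySystemVm=1
customReport=8
brokenEntry=seven
futureApi=16
"""

def parse_commands(text):
    """Return ({api: mask}, [problems]) for the body of a commands.properties file."""
    perms, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        api, _, value = line.partition("=")
        api, value = api.strip(), value.strip()
        if not value.isdigit():
            problems.append(f"line {lineno}: {api}: mask is not a number")
        elif not 1 <= int(value) <= 15:
            problems.append(f"line {lineno}: {api}: mask {value} maps to no default policy")
        else:
            perms[api] = int(value)
    return perms, problems

def policy_view(perms):
    """Group API names under each default policy whose bit is set in the mask."""
    view = {name: [] for name in ROLE_BITS.values()}
    for api, mask in sorted(perms.items()):
        for bit, name in ROLE_BITS.items():
            if mask & bit:
                view[name].append(api)
    return view

def user_only(perms):
    """Review heuristic: APIs granted to User but not to Root Admin."""
    return sorted(api for api, mask in perms.items() if mask & 8 and not mask & 1)

if __name__ == "__main__":
    perms, problems = parse_commands(SAMPLE)
    print(policy_view(perms), user_only(perms), problems, sep="\n")
```
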

IAM for the API and Service layer (entity permissions)

The following guidelines should be followed when adding a new API to CloudStack, in order to ensure that correct access control is woven into the logic for all the entities involved.

...