...

  • create APIs: @ACL(accessType = AccessType.UseEntry) is needed on all the entities that are used to create the desired new entity.
  • update/delete APIs: These modify or operate on an entity and change its state. In these APIs, @ACL(accessType = AccessType.OperateEntry) should be used on the parameter that identifies the main entity being modified.

 

Example:

DeployVMCmd: This is a create API. Add @ACL(accessType = AccessType.UseEntry) access for all entities like template, network.

Start/Stop/Reboot/Destroy/AttachXXXTOVM: These are the update/delete APIs. Add @ACL(accessType = AccessType.OperateEntry) access for the VM ID parameter that identifies the VM entity being operated on.

 

IAM At Service Layer:

CS Service layer logic uses "accountManager.checkAccess" to invoke the SecurityCheckers to do access control. Instead, one should try to use the @ACL annotation on the API parameters that have to be checked for access.
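The annotation rules above, shown as an added example that is not CloudStack's own code: a create command and an update command carry @ACL on their entity parameters, and a reflection pass checks each annotated parameter against the caller's grants. The ACL annotation and AccessType enum here are local stand-ins for the ones named on this page, StopVMCmd stands in for the Stop API, and GRANTS, denied() and all entity ids are hypothetical values constructed for the demonstration.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.util.*;

public class AclAnnotationDemo {
    // Stand-ins for the annotation and enum named on this page (not CloudStack's source).
    enum AccessType { UseEntry, OperateEntry }

    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.FIELD)
    @interface ACL { AccessType accessType() default AccessType.UseEntry; }

    // Create API: every entity consumed while building the new VM needs UseEntry.
    static class DeployVMCmd {
        @ACL(accessType = AccessType.UseEntry) Long templateId = 201L;
        @ACL(accessType = AccessType.UseEntry) Long networkId = 301L;
        String displayName = "demo-vm"; // not an entity reference, so no @ACL
    }

    // Update/delete API: the parameter identifying the VM needs OperateEntry.
    static class StopVMCmd {
        @ACL(accessType = AccessType.OperateEntry) Long id = 101L;
        Boolean forced = false;
    }

    // Hypothetical grants for one caller: entity id -> allowed access types (constructed).
    static final Map<Long, Set<AccessType>> GRANTS = Map.of(
        201L, EnumSet.of(AccessType.UseEntry),
        301L, EnumSet.of(AccessType.UseEntry),
        101L, EnumSet.of(AccessType.UseEntry)); // may use VM 101 but not operate on it

    // Returns every @ACL parameter the caller lacks; an empty list means allowed.
    static List<String> denied(Object cmd) throws IllegalAccessException {
        List<String> out = new ArrayList<>();
        for (Field f : cmd.getClass().getDeclaredFields()) {
            ACL acl = f.getAnnotation(ACL.class);
            if (acl == null) continue; // unannotated parameters are not access-checked
            f.setAccessible(true);
            Object id = f.get(cmd);
            if (!GRANTS.getOrDefault(id, Set.of()).contains(acl.accessType()))
                out.add(f.getName() + "=" + id + " needs " + acl.accessType());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("DeployVMCmd denied: " + denied(new DeployVMCmd()));
        System.out.println("StopVMCmd denied: " + denied(new StopVMCmd()));
    }
}
```

The stop command is rejected because UseEntry on a VM does not imply OperateEntry, which is why the two access types are declared separately per parameter.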

...