| Name | Description | <Reject/Accept> |
|---|---|---|
| Restricting access to server groups | Configuration: Server groups: "production", "staging". roles: "admin", "developer"
Goal: Restrict access to the production group to the "admin" role in to prevent messing with the production system
Implications: Server groups are part of the model but also a logical concept. I.e. restricting access to a group does imply preventing access to conceptually related entities like servers, deployments, etc. | |
| Support clients & tools that provide their own security model | Configuration: See JON User Guide
Goal: Allow interaction with systems that provide their own authorization scheme
Implications: Systems like JON, that provide their own scheme currently can only operate the super user level | |
| Restrict visibility of attributes | Suppress attributes on responses, i.e. read-resource | arguable |
| Restrict visibility of operations | Suppress operations on reponses, i.e. read-operation-names | arguable |
| Prevent execution of operations | Execution of operations with permissions yields a security exception |
Comments