Role Based Access Control for Mistral entities

Registered by Renat Akhmerov on 2014-05-27

We need to be able to isolate objects of different users from each other (workflows, triggers etc.), so we need to have an authorisation mechanism (ACL for entities).

The overall picture of accessibility spaces could look like this:

Global space (e.g. workflows for standard situations)
        |
Shared Space (e.g. workflows shared by other users)
        |
User Space (workflows, triggers etc. belonging to the user)

Blueprint information

Status: Not started
Approver: Renat Akhmerov
Priority: Medium
Drafter: Renat Akhmerov
Direction: Needs approval
Assignee: None
Definition: New
Series goal: None
Implementation: Not started
Milestone target: None

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/mistral-rbac,n,z

Addressed by: https://review.openstack.org/413791
    Role based resource access control - get workflows

Addressed by: https://review.openstack.org/421190
    Role based resource access control - update workflows

Addressed by: https://review.openstack.org/445889
    Add unit test for deleting workflows by admin

Addressed by: https://review.openstack.org/450121
    Role based resource access control - get executions

Addressed by: https://review.openstack.org/451160
    Role based resource access control - update executions

Addressed by: https://review.openstack.org/451255
    Role based resource access control - delete executions

Gerrit topic: https://review.openstack.org/#q,topic:bug/1679458,n,z

Addressed by: https://review.openstack.org/453020
    Allow admin user to get workflow of other tenants
