| cardoe | So not throwing this on the PTG page cause I'm not sure if I want to bring this up at the TC first but I think we might want to revisit the RBAC bits from a persona stand point. | 22:11 |
|---|---|---|
| cardoe | Like we've had these conversations before if certain operations should be allowed or not. | 22:12 |
| cardoe | I do think what we'll see is separate policies for different use cases. | 22:12 |
| cardoe | But to give a clearer example. I've got the concept of an "admin" who would have powers over the whole Ironic but then I've got a "hardware admin" and in this case I'm giving them the admin role inside of the project that owns the baremetal nodes. | 22:14 |
| cardoe | Then I've got leasees that can do other operations to their hardware. But a leasee can have read-only or they can have some form of read/write. | 22:15 |
| cardoe | But for a stand alone Ironic case, you don't care about any of these roles. | 22:15 |
| cardoe | Would it make sense to write something up to that effect as to these different personas? | 22:15 |
| cardoe | Reason I say at the TC level is cause there's multiple projects I'd like to touch. | 22:15 |
| cardoe | e.g. there's no real way to query placement policy wise to see how many ironic nodes I've got that match a certain resource_class & trait. But I would like to have some of those personas see that. | 22:17 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!