Role Based Access Control for Mistral entities

Registered by Renat Akhmerov

We need to be able to isolate objects of different users from each other (workflows, triggers etc.), so we need an authorisation mechanism (ACL for entities).

The overall picture of accessibility spaces could look like this:

Global Space (e.g. workflows for standard situations)
        |
Shared Space (e.g. workflows shared by other users)
        |
User Space (workflows, triggers etc. belonging to the user)

Blueprint information

Status: Not started
Approver: Renat Akhmerov
Priority: Medium
Drafter: Renat Akhmerov
Direction: Needs approval
Assignee: None
Definition: New
Series goal: None
Implementation: Not started
Milestone target: None

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/mistral-rbac,n,z

Addressed by: https://review.openstack.org/413791
    Role based resource access control - get workflows

Addressed by: https://review.openstack.org/421190
    Role based resource access control - update workflows

Addressed by: https://review.openstack.org/445889
    Add unit test for deleting workflows by admin

Addressed by: https://review.openstack.org/450121
    Role based resource access control - get executions

Addressed by: https://review.openstack.org/451160
    Role based resource access control - update executions

Addressed by: https://review.openstack.org/451255
    Role based resource access control - delete executions

Gerrit topic: https://review.openstack.org/#q,topic:bug/1679458,n,z

Addressed by: https://review.openstack.org/453020
    Allow admin user to get workflow of other tenants
