
Shall we add a new resource for `<Role>`

Open isc-shuliu opened this issue 1 year ago • 4 comments

See https://github.com/intersystems/ipm/pull/562#discussion_r1764681592 and https://github.com/intersystems/ipm/pull/572#discussion_r1766481177

Shall we add a new resource `<Role>` in `module.xml`?

According to the online doc, it can look like

```xml
<Role
  Name="MyRoleName"
  Description="my role description"
  Resources="MyResource1:RW,MyResource2:RWU"
  GrantedRoles="Role1,Role2"
/>
```

Thoughts: Maybe change Resources to RoleResources to be distinguished from IPM Resources in module.xml

isc-shuliu Sep 19 '24 13:09

@isc-tleavitt @isc-kiyer Any thoughts?

isc-shuliu Sep 19 '24 13:09

@isc-shuliu Hmm if we go down this route we are basically exposing stuff that a customer can do with a cpf merge file. I wonder if it would be better to instead just add IPM support for cpf merge files instead of re-implementing wrappers for the various Config.* and Security.* classes? It may be a bit tricky though since the iris merge command needs to be run from the OS and I'm not sure if $zf(-100) can run it: https://docs.intersystems.com/iris20242/csp/docbook/DocBook.UI.Page.cls?KEY=ACMF#ACMF_reconfig cc @isc-tleavitt

isc-kiyer Sep 19 '24 13:09

I found myself here as I was going to submit a request that is similar to this. My specific request is that I want to be able to define in a Module definition the name of Security Resources that should be installed. I know I can do this with a custom but it seems like many of us would want to be able to add with the installation of a module:

  • Security Resources
  • Security Roles
  • Security Users

SCanzano Sep 29 '24 15:09

@SCanzano Resources and Roles make sense, but Users seem a bit more risky. Could you elaborate on the use case for this?

isc-tleavitt Sep 30 '24 10:09

> @isc-shuliu Hmm if we go down this route we are basically exposing stuff that a customer can do with a cpf merge file. I wonder if it would be better to instead just add IPM support for cpf merge files instead of re-implementing wrappers for the various Config.* and Security.* classes? It may be a bit tricky though since the iris merge command needs to be run from the OS and I'm not sure if $zf(-100) can run it: https://docs.intersystems.com/iris20242/csp/docbook/DocBook.UI.Page.cls?KEY=ACMF#ACMF_reconfig cc @isc-tleavitt

We've added support for driving CPF merge in 0.10.x, which is much more generally useful, so no plans to actually add this.

isc-tleavitt Apr 11 '25 20:04