...

Users have roles assigned and each role has permissions.

A&AI permissions

...

for Casablanca

There will be a separate permission for traversal and resources web services. Let's call these permissions org.onap.aai.resources and org.onap.aai.traversal. For now we will not distinguish between different objects we could affect, so the instance will always be "*" meaning everything. Actions will be mapped to HTTP verbs - GET, PUT, POST, DELETE, PATCH.

For a seamless transition to AAF, the first roles we use for our clients will be org.onap.aai.resources_all and org.onap.aai.traversal_all, with read and write permission, and org.onap.aai.resources_readonly and org.onap.aai.traversal_readonly, with read-only permission. These roles will be assigned to all users/applications which access A&AI web services.

...

Role org.onap.aai.resources_all

| Permission type | instances | action |
|---|---|---|
| org.onap.aai.resources | * | get |
| org.onap.aai.resources | * | put |
| org.onap.aai.resources | * | post |
| org.onap.aai.resources | * | delete |
| org.onap.aai.resources | * | patch |

Open questions

...

Role org.onap.aai.resources_readonly

| Permission type | instances | action |
|---|---|---|
| org.onap.aai.resources | * | get |

Role org.onap.aai.traversal_readonly

| Permission type | instances | action |
|---|---|---|
| org.onap.aai.traversal | * | put |
| org.onap.aai.traversal | * | post |
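
The following is an added example, not ONAP or AAF code: a deny-by-default check that maps a request to the (type, instance, action) triple described above and matches it against the three role tables shown on this page. The function names, the `resources`/`traversal` service keywords and the rule that a granted `*` instance matches any requested instance are assumptions made for the illustration.

```python
# Added illustration; not AAF's API. Role contents are copied from the tables on this page.
# org.onap.aai.traversal_all is omitted because its table is not shown here.
ROLE_PERMISSIONS = {
    "org.onap.aai.resources_all": {
        ("org.onap.aai.resources", "*", action)
        for action in ("get", "put", "post", "delete", "patch")
    },
    "org.onap.aai.resources_readonly": {("org.onap.aai.resources", "*", "get")},
    "org.onap.aai.traversal_readonly": {
        ("org.onap.aai.traversal", "*", "put"),
        ("org.onap.aai.traversal", "*", "post"),
    },
}

# Only these verbs map to actions; anything else has no permission and is denied.
HTTP_VERBS = {"GET", "PUT", "POST", "DELETE", "PATCH"}
SERVICES = {"resources", "traversal"}  # assumed short names for the two web services


def required_permission(service, method, instance="*"):
    """Map a request to the (type, instance, action) triple it needs."""
    verb = method.upper()
    if service not in SERVICES:
        raise ValueError(f"unknown service: {service!r}")
    if verb not in HTTP_VERBS:
        raise ValueError(f"unmapped HTTP verb: {method!r}")
    return (f"org.onap.aai.{service}", instance, verb.lower())


def is_authorized(user_roles, service, method, instance="*"):
    """Return True only if some assigned role grants the required permission."""
    try:
        need_type, need_instance, need_action = required_permission(
            service, method, instance
        )
    except ValueError:
        return False  # unknown service or verb: deny by default
    for role in user_roles:
        # Unknown role names contribute no permissions.
        for g_type, g_instance, g_action in ROLE_PERMISSIONS.get(role, ()):
            if (
                g_type == need_type
                and g_instance in ("*", need_instance)  # assumed wildcard rule
                and g_action == need_action
            ):
                return True
    return False
```
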

Open questions

...

  1. How do we enable AAF, since it has to have a connection to the windriver lab? Or do we enable it only in special deployments?

...