Eli Mesika has uploaded a new change for review. Change subject: core: squash 03_00_0150_update_roles.sql ......................................................................
core: squash 03_00_0150_update_roles.sql
Change-Id: I6f0bb2390b1b5dec6e4f98ba0788903ff151bc55
Signed-off-by: Eli Mesika <emes...@redhat.com>
---
M backend/manager/dbscripts/insert_predefined_roles.sql
D backend/manager/dbscripts/upgrade/03_00_0150_update_roles.sql
2 files changed, 19 insertions(+), 55 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/59/15459/1
diff --git a/backend/manager/dbscripts/insert_predefined_roles.sql b/backend/manager/dbscripts/insert_predefined_roles.sql
index 091f234..29f72b8 100644
--- a/backend/manager/dbscripts/insert_predefined_roles.sql
+++ b/backend/manager/dbscripts/insert_predefined_roles.sql
@@ -35,7 +35,7 @@ --insert into vdc_options (option_name,option_value,version) select 'DomainName','example.org','general' where not exists (select option_name,version from vdc_options where option_name='DomainName' and version='general'); delete from roles_groups where role_id = v_super_user_id_0001; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_super_user_id_0001,'SuperUser','Roles management administrator',true,1 where not exists (select * from roles where id=v_super_user_id_0001 and name='SuperUser' and description='Roles management administrator' and is_readonly=true and role_type=1); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_super_user_id_0001,'SuperUser','System Administrators with permission for all operations',true,1 where not exists (select * from roles where id=v_super_user_id_0001 and name='SuperUser' and description='System Administrators with permission for all operations' and is_readonly=true and role_type=1); INSERT INTO roles(id,name,description,is_readonly,role_type) select v_super_user_id_0001,'SuperUser','System Administrators with permission for all operations',true,1 where not exists (select * from roles where id=v_super_user_id_0001 and name='SuperUser' and description='System Administrators with permission for all operations' and is_readonly=true and role_type=1); 
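Review bot: The added `INSERT INTO roles ... 'SuperUser','System Administrators with permission for all operations'` statement in the @@ -35 hunk is textually identical to the line that follows it, which appears to be unchanged context, so the file would now carry the same SuperUser seed statement twice. The second copy does nothing only because its `not exists` guard already matches once the first has run. I would delete the old 'Roles management administrator' line rather than rewrite it, leaving a single statement for this role. The hunk is collapsed onto one line here, so the added/context split is read from the markers that survive.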
@@ -154,7 +154,7 @@ --CONFIGURE_STORAGE_POOL_NETWORK INSERT INTO roles_groups(role_id,action_group_id) VALUES(v_super_user_id_0001,703); delete from roles_groups where role_id = v_user_id_1001; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_user_id_1001,'ENGINEUser','oVirt user',true,2 where not exists (select id,name,description,is_readonly,role_type from roles where id=v_user_id_1001 and name='ENGINEUser' and description='oVirt user' and is_readonly=true and role_type=2); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_user_id_1001,'UserRole','Standard User Role',true,2 where not exists (select id,name,description,is_readonly,role_type from roles where id=v_user_id_1001 and name='UserRole' and description='Standard User Role' and is_readonly=true and role_type=2); --VM_BASIC_OPERATIONS INSERT INTO roles_groups(role_id,action_group_id) VALUES(v_user_id_1001,4); @@ -168,7 +168,7 @@ --PoewerUser role --------------- delete from roles_groups where role_id = v_power_user_id_0002; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_power_user_id_0002,'ENGINEPowerUser','oVirt power user',true,2 where not exists (select id,name,description,is_readonly,role_type from roles where id=v_power_user_id_0002 and name='ENGINEPowerUser' and description='oVirt power user' and is_readonly=true and role_type=2); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_power_user_id_0002,'PowerUserRole','User Role, allowed to create/manage Vms and Templates',true,2 where not exists (select id,name,description,is_readonly,role_type from roles where id=v_power_user_id_0002 and name='PowerUserRole' and description='User Role, allowed to create/manage Vms and Templates' and is_readonly=true and role_type=2); ---Vm Groups 
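Review bot: The `not exists` guard on the rewritten `INSERT INTO roles` in the @@ -154 hunk compares id, name, description, is_readonly and role_type together, so a database whose row for `v_user_id_1001` still carries the old name 'ENGINEUser' does not match and the INSERT is attempted against an id that is already present. Whether that ends in a key violation or in a second row for the same role depends on constraints that are not visible in this diff, and because the commit deletes 03_00_0150_update_roles.sql, nothing shown here still updates such a row by id. I would key the guard on the id alone, `where not exists (select 1 from roles where id=v_user_id_1001)`, and, if this script also runs on upgrade, keep an `update roles set name=..., description=... where id=...` beside it so role definitions converge instead of diverging. The same applies to the renames in the @@ -168, @@ -425 and @@ -491 hunks and to the description-only changes in the other hunks of this file.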
@@ -220,7 +220,7 @@ ------------- --CLUSTER_ADMIN role --------------- -delete from roles_groups where role_id = v_CLUSTER_ADMIN_ID;INSERT INTO roles(id,name,description,is_readonly,role_type) select v_CLUSTER_ADMIN_ID,'ClusterAdmin','Cluster administrator',true,1 where not exists (select id,name,description,is_readonly,role_type from roles where id=v_CLUSTER_ADMIN_ID and name='ClusterAdmin' and description='Cluster administrator' and is_readonly=true and role_type=1); +delete from roles_groups where role_id = v_CLUSTER_ADMIN_ID;INSERT INTO roles(id,name,description,is_readonly,role_type) select v_CLUSTER_ADMIN_ID,'ClusterAdmin','Administrator Role, permission for all the objects underneath a specific Cluster',true,1 where not exists (select id,name,description,is_readonly,role_type from roles where id=v_CLUSTER_ADMIN_ID and name='ClusterAdmin' and description='Administrator Role, permission for all the objects underneath a specific Cluster' and is_readonly=true and role_type=1); ---Vm Groups 
@@ -282,7 +282,7 @@ --DATA_CENTER_ADMIN role --------------- delete from roles_groups where role_id = v_DATA_CENTER_ADMIN_ID; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_DATA_CENTER_ADMIN_ID,'DataCenterAdmin','Data Center administrator',true,1 where not exists (select id,name,description,is_readonly,role_type from roles where id=v_DATA_CENTER_ADMIN_ID and name='DataCenterAdmin' and description='Data Center administrator' and is_readonly=true and role_type=1); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_DATA_CENTER_ADMIN_ID,'DataCenterAdmin','Administrator Role, permission for all the objects underneath a specific Data Center, except Storage',true,1 where not exists (select id,name,description,is_readonly,role_type from roles where id=v_DATA_CENTER_ADMIN_ID and name='DataCenterAdmin' and description='Administrator Role, permission for all the objects underneath a specific Data Center, except Storage' and is_readonly=true and role_type=1); ---Vm Groups --CREATE_VM 
@@ -363,8 +363,8 @@ --STORAGE_ADMIN role --------------- delete from roles_groups where role_id = v_STORAGE_ADMIN_ID; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_STORAGE_ADMIN_ID,'StorageAdmin','Storage administrator',true,1 where -not exists (select id,name,description,is_readonly,role_type from roles where id=v_STORAGE_ADMIN_ID and name='StorageAdmin' and description='Storage administrator' and is_readonly=true and role_type=1); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_STORAGE_ADMIN_ID,'StorageAdmin','Administrator Role, permission for all operations on a specific Storage Domain',true,1 where +not exists (select id,name,description,is_readonly,role_type from roles where id=v_STORAGE_ADMIN_ID and name='StorageAdmin' and description='Administrator Role, permission for all operations on a specific Storage Domain' and is_readonly=true and role_type=1); -- storage domains actions groups --CREATE_STORAGE_DOMAIN @@ -381,8 +381,8 @@ --------------- delete from roles_groups where role_id = v_HOST_ADMIN_ID; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_HOST_ADMIN_ID,'HostAdmin','Host administrator',true,1 where -not exists (select id,name,description,is_readonly,role_type from roles where id=v_HOST_ADMIN_ID and name='HostAdmin' and description='Host administrator' and is_readonly=true and role_type=1); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_HOST_ADMIN_ID,'HostAdmin','Administrator Role, permission for all operations on a specific Host',true,1 where +not exists (select id,name,description,is_readonly,role_type from roles where id=v_HOST_ADMIN_ID and name='HostAdmin' and description='Administrator Role, permission for all operations on a specific Host' and is_readonly=true and role_type=1); -- host (vds) actions groups --CREATE_HOST 
@@ -411,8 +411,8 @@ --------------- delete from roles_groups where role_id = v_NETWORK_ADMIN_ID; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_NETWORK_ADMIN_ID,'NetworkAdmin','Network administrator',true,1 where -not exists (select id,name,description,is_readonly,role_type from roles where id=v_NETWORK_ADMIN_ID and name='NetworkAdmin' and description='Network administrator' and is_readonly=true and role_type=1); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_NETWORK_ADMIN_ID,'NetworkAdmin','Administrator Role, permission for all operations on a specific Logical Network',true,1 where +not exists (select id,name,description,is_readonly,role_type from roles where id=v_NETWORK_ADMIN_ID and name='NetworkAdmin' and description='Administrator Role, permission for all operations on a specific Logical Network' and is_readonly=true and role_type=1); --CONFIGURE_HOST_NETWORK INSERT INTO roles_groups(role_id,action_group_id) VALUES(v_NETWORK_ADMIN_ID,104); --MANIPUTLATE_HOST @@ -425,8 +425,8 @@ --------------- delete from roles_groups where role_id = v_VM_ADMIN_ID; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_VM_ADMIN_ID,'VmOperator','VM operator',true,2 where -not exists (select id,name,description,is_readonly,role_type from roles where id=v_VM_ADMIN_ID and name='VmOperator' and description='VM operator' and is_readonly=true and role_type=2); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_VM_ADMIN_ID,'UserVmManager','User Role, with permission for any operation on Vms',true,2 where +not exists (select id,name,description,is_readonly,role_type from roles where id=v_VM_ADMIN_ID and name='UserVmManager' and description='User Role, with permission for any operation on Vms' and is_readonly=true and role_type=2); ---Vm Groups --CREATE_VM 
@@ -458,8 +458,8 @@ --VM_POOL_ADMIN role --------------- delete from roles_groups where role_id = v_VM_POOL_ADMIN_ID; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_VM_POOL_ADMIN_ID,'VmPoolAdmin','Vm-Pool administrator',true,1 where -not exists (select id,name,description,is_readonly,role_type from roles where id= v_VM_POOL_ADMIN_ID and name='VmPoolAdmin' and description='Vm-Pool administrator' and is_readonly=true and role_type=1); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_VM_POOL_ADMIN_ID,'VmPoolAdmin','Administrator Role, permission for all operations on a specific VM Pool',true,1 where +not exists (select id,name,description,is_readonly,role_type from roles where id= v_VM_POOL_ADMIN_ID and name='VmPoolAdmin' and description='Administrator Role, permission for all operations on a specific VM Pool' and is_readonly=true and role_type=1); -- vm pools actions groups --CREATE_VM_POOL @@ -473,8 +473,8 @@ --TEMPLATE_ADMIN role --------------- delete from roles_groups where role_id = v_TEMPLATE_ADMIN_ID; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_TEMPLATE_ADMIN_ID,'TemplateAdmin','Template administrator',true,1 where -not exists (select id,name,description,is_readonly,role_type from roles where id= v_TEMPLATE_ADMIN_ID and name='TemplateAdmin' and description='Template administrator' and is_readonly=true and role_type=1); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_TEMPLATE_ADMIN_ID,'TemplateAdmin','Administrator Role, permission for all operations on a specific Template',true,1 where +not exists (select id,name,description,is_readonly,role_type from roles where id= v_TEMPLATE_ADMIN_ID and name='TemplateAdmin' and description='Administrator Role, permission for all operations on a specific Template' and is_readonly=true and role_type=1); -- templates actions groups --CREATE_TEMPLATE INSERT INTO roles_groups(role_id,action_group_id) VALUES(v_TEMPLATE_ADMIN_ID,200); 
@@ -491,8 +491,8 @@ --TEMPLATE_USER role --------------- delete from roles_groups where role_id = v_TEMPLATE_USER_ID; -INSERT INTO roles(id,name,description,is_readonly,role_type) select v_TEMPLATE_USER_ID,'TemplateUser','Template User',true,2 where -not exists (select id,name,description,is_readonly,role_type from roles where id= v_TEMPLATE_USER_ID and name='TemplateUser' and description='Template User' and is_readonly=true and role_type=2); +INSERT INTO roles(id,name,description,is_readonly,role_type) select v_TEMPLATE_USER_ID,'UserTemplateBasedVm','User Role, with permissions only to use Templates',true,2 where +not exists (select id,name,description,is_readonly,role_type from roles where id= v_TEMPLATE_USER_ID and name='UserTemplateBasedVm' and description='User Role, with permissions only to use Templates' and is_readonly=true and role_type=2); -- MAKE BLANK TEMPLATE PUBLIC diff --git a/backend/manager/dbscripts/upgrade/03_00_0150_update_roles.sql b/backend/manager/dbscripts/upgrade/03_00_0150_update_roles.sql deleted file mode 100644 index 8a0c8b8..0000000 --- a/backend/manager/dbscripts/upgrade/03_00_0150_update_roles.sql +++ /dev/null 
@@ -1,36 +0,0 @@
-update roles set name ='UserRole', description = 'Standard User Role'
-where id = '00000000-0000-0000-0001-000000000001';
-
-update roles set name ='PowerUserRole', description = 'User Role, allowed to create/manage Vms and Templates'
-where id = '00000000-0000-0000-0001-000000000002';
-
-update roles set name ='UserVmManager', description = 'User Role, with permission for any operation on Vms'
-where id = 'DEF00006-0000-0000-0000-DEF000000006';
-
-update roles set description = 'Administrator Role, permission for all operations on a specific Template'
-where id = 'DEF00008-0000-0000-0000-DEF000000008';
-
-update roles set name ='UserTemplateBasedVm', description = 'User Role, with permissions only to use Templates'
-where id = 'DEF00009-0000-0000-0000-DEF000000009';
-
-update roles set description = 'System Administrators with permission for all operations'
-where id = '00000000-0000-0000-0000-000000000001';
-
-update roles set description = 'Administrator Role, permission for all the objects underneath a specific Cluster'
-where id = 'DEF00001-0000-0000-0000-DEF000000001';
-
-update roles set description = 'Administrator Role, permission for all the objects underneath a specific Data Center, except Storage'
-where id = 'DEF00002-0000-0000-0000-DEF000000002';
-
-update roles set description = 'Administrator Role, permission for all operations on a specific Storage Domain'
-where id = 'DEF00003-0000-0000-0000-DEF000000003';
-
-update roles set description = 'Administrator Role, permission for all operations on a specific Host'
-where id = 'DEF00004-0000-0000-0000-DEF000000004';
-
-update roles set description = 'Administrator Role, permission for all operations on a specific Logical Network'
-where id = 'DEF00005-0000-0000-0000-DEF000000005';
-
-update roles set description = 'Administrator Role, permission for all operations on a specific VM Pool'
-where id = 'DEF00007-0000-0000-0000-DEF000000007';
-
-- To view, visit
http://gerrit.ovirt.org/15459 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6f0bb2390b1b5dec6e4f98ba0788903ff151bc55 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Eli Mesika <emes...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches