<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 5, 2015 at 10:01 PM, Brian Stinson <span dir="ltr"><<a href="mailto:brian@bstinson.com" target="_blank">brian@bstinson.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi All,<br>
<br>
We're working on testing instances of FAS for storing our user/group<br>
membership information used by the CBS. I'd like to talk about group<br>
naming and the permissions model to get some input. The goal is to get<br>
these discussions going so we can set up our test environment to mirror<br>
what we'll roll out in production. Consider this a proposal, and please<br>
send comments my way (on-list please!).<br>
<br>
Groups will use the convention 'sig-<shortname>', for example: people in<br>
the Cloud SIG will be members of the FAS group 'sig-cloud'. This<br>
convention will allow push access in dist-git to any branch that starts<br>
with sig-cloud (sig-cloud7, sig-cloud7-openstack,<br>
sig-cloud7-openstack-juno) and grant build permissions under the SIG tags<br>
in Koji[0].<br>
<br>
FAS has 3 types of membership in a group: Admin, Sponsor, and User. All 3<br>
levels will be granted commit/build permissions, while only Admins and<br>
Sponsors can modify members of the group.<br>
<br>
To match our permissions model[1], I propose:<br>
- We populate the 'Accounts' (Global Admin) group with the members of the<br>
CentOS Board.<br>
- The Board member responsible for each SIG will create the appropriate<br>
SIG group in FAS<br>
- The Board member will add him/herself as an admin of the group<br>
- The Board member will sponsor the SIG Chair as a sponsor for the group<br>
- From then on, the SIG Chair and Board member can sponsor others into the<br>
group as users (and optionally add more sponsors to the group)<br>
<br>
Anyone have thoughts? Once we reach consensus, I'll get this written up<br>
for the SIG wiki page.<br></blockquote><div><br></div><div>+1 on my side</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Cheers!<br>
Brian<br>
<br>
[0]: <a href="http://wiki.centos.org/BrianStinson/GitBranchesandKojiTags" rel="noreferrer" target="_blank">http://wiki.centos.org/BrianStinson/GitBranchesandKojiTags</a><br>
[1]: <a href="http://wiki.centos.org/SpecialInterestGroup" rel="noreferrer" target="_blank">http://wiki.centos.org/SpecialInterestGroup</a><br>
_______________________________________________<br>
CentOS-devel mailing list<br>
<a href="mailto:CentOS-devel@centos.org">CentOS-devel@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos-devel" rel="noreferrer" target="_blank">http://lists.centos.org/mailman/listinfo/centos-devel</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">Sandro Bonazzola<br>Better technology. Faster innovation. Powered by community collaboration.<br>See how it works at <a href="http://redhat.com" target="_blank">redhat.com</a><br></div></div></div></div>
</div></div>