[CentOS-devel] Central Auth: Group naming and Process Proposal

Thu Aug 6 06:47:52 UTC 2015
Sandro Bonazzola <sbonazzo at redhat.com>

On Wed, Aug 5, 2015 at 10:01 PM, Brian Stinson <brian at bstinson.com> wrote:

> Hi All,
>
> We're working on testing instances of FAS for storing our user/group
> membership information used by the CBS. I'd like to talk about group
> naming and the permissions model to get some input. The goal is to get
> these discussions going so we can set up our test environment to mirror
> what we'll roll out in production. Consider this a proposal, and please
> send comments my way (on-list please!).
>
> Groups will use the convention 'sig-<shortname>', for example: people in
> the Cloud SIG will be members of the FAS group 'sig-cloud'. This
> convention will allow push access in dist-git to any branch that starts
> with sig-cloud (sig-cloud7, sig-cloud7-openstack,
> sig-cloud7-openstack-juno) and grant build permissions under the SIG tags
> in Koji[0].
>
> FAS has 3 types of membership in a group: Admin, Sponsor, and User. All 3
> levels will be granted commit/build permissions, while only Admins and
> Sponsors can modify members of the group.
>
> To match our permissions model[1], I propose:
> - We populate the 'Accounts' (Global Admin) group with the members of the
>   CentOS Board.
> - The Board member responsible for each SIG will create the appropriate
>   SIG group in FAS
> - The Board member will add him/herself as an admin of the group
> - The Board member will sponsor the SIG Chair as a sponsor for the group
> - From then on, the SIG Chair and Board member can sponsor others into the
>   group as users (and optionally add more sponsors to the group)
>
> Anyone have thoughts? Once we reach consensus, I'll get this written up
> for the SIG wiki page.
>

+1 on my side


>
> Cheers!
> Brian
>
> [0]: http://wiki.centos.org/BrianStinson/GitBranchesandKojiTags
> [1]: http://wiki.centos.org/SpecialInterestGroup
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel
>



-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20150806/9e2bee41/attachment-0008.html>