On Tue, 2011-01-04 at 16:22 +0000, Daniel P. Berrange wrote: > Well I'd like us to have fine grained access control across users, > objects & operations, probably using the role based access control > model. Once you have such fine grained access control, then I > don't believe you have a clearcut boundary between users of libvirtd > and users of VNC. eg, you may well give the VNC admin access to the > 'virDomainDestroy' and 'virDomainStart' commands for his own domains, > but not other people's domains. So I think we should think about the > solution to the authorization problem for both libvirtd & VNC at the > same time. Have you got an RBAC library in mind that would take the group management outside of libvirt (like SASL does for authentication), or does it all need building? Neil -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list