ECS user scope

ecs-object-user-scopeObject user names can be either unique all federated VDCs or just in the specific namespace. That short post explains how to configure ECS user scope.

The user scope can be either GLOBAL or NAMESPACE.

  • In GLOBAL scope, object user names are unique across all VDCs in the ECS system.
  • In NAMESPACE scope, object user names are unique within a namespace, so the same object user account names can exist in different namespaces.

The default setting is GLOBAL. If you are going to use ECS in a multi-tenant configuration and need to ensure that tenants are not prevented from using object user names those are in use by other tenants (another namespaces), you should change a scope to NAMESPACE.

Important: The user scope setting must be made before the first object user is created ! Later you’ll not be able to do that.

The way how to change a user scope is described below.

  • Authenticate as root.
  • Save auth token to a cookie file
host$ curl -ks -u root:ChangeMe https://10.10.10.10:4443/login?using-cookies=true -c cookiefile
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><loggedIn><user>root</user></loggedIn>
  • Check the current object user scope.
  • GLOBAL scope is the default one.
host$ curl -ks https://10.10.10.10:4443/config/object/properties  -b cookiefile
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><property_info><properties><entry><key>user_scope</key><value>GLOBAL</value></entry></properties></property_info>
  • Prepare .xml file
  • Enable NAMESPACE scope
host$ echo "<property_update><properties><entry><key>user_scope</key><value>NAMESPACE</value></entry></properties></property_update>" > enable_namespace.xml 
host$ curl -ks -X PUT -H "Content-Type: application/xml" https://10.10.10.10:4443/config/object/properties  -b cookiefile -d @enable_namespace.xml
  • Check if NAMESPACE is the current scope
host$ curl -ks https://10.10.10.10:4443/config/object/properties  -b cookiefile
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><property_info><properties><entry><key>user_scope</key><value>NAMESPACE</value></entry></properties></property_info>

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s