> Any concerns if I remove the privacy setting and close the OSSA ?
I know I fat fingered setting this to public when I entered it, so there may be little grounds for saying it should stay private.
It's (hopefully) reasonably obvious that restricting the policies can workaround this in the short term.
> Unless this can cause disruption for other tenants using metadef
It causes disruption in the sense that if I set a metadef to be public it can then be modified by other tenants.
Compare images: if I set an image to be public, it can't be modified by other tenants.
Like Travis, I'd like to see the metadef APIs have more restrictive default policies. That would work around this issue for example.
I agree with Travis that this makes sense as a default:
"add_metadef_namespace":"rule:admin_required"
I'm less sure about the 'rule:owner_or_public_and_not_protected' ones though, eg:
"modify_metadef_tag":"rule:owner_or_(public_and_not_protected)"
My guess is that users would expect public metadefs to be unmodifiable by others in the same way as public images.
I'd lean towards a default of:
"modify_metadef_tag":"rule:owner"
But then I'm not as familiar with this stuff as Travis.
@Travis is there a killer use case for all users being able to modify anyone's public metadefs by default?
> Any concerns if I remove the privacy setting and close the OSSA ?
I know I fat fingered setting this to public when I entered it, so there may be little grounds for saying it should stay private.
It's (hopefully) reasonably obvious that restricting the policies can workaround this in the short term.
> Unless this can cause disruption for other tenants using metadef
It causes disruption in the sense that if I set a metadef to be public it can then be modified by other tenants.
Compare images: if I set an image to be public, it can't be modified by other tenants.
Like Travis, I'd like to see the metadef APIs have more restrictive default policies.
That would work around this issue for example.
I agree with Travis that this makes sense as a default:
"add_metadef_ namespace" :"rule: admin_required"
I'm less sure about the 'rule:owner_ or_public_ and_not_ protected' ones though, eg:
"modify_ metadef_ tag":"rule: owner_or_ (public_ and_not_ protected) "
My guess is that users would expect public metadefs to be unmodifiable by others in the same way as public images.
I'd lean towards a default of:
"modify_ metadef_ tag":"rule: owner"
But then I'm not as familiar with this stuff as Travis.
@Travis is there a killer use case for all users being able to modify anyone's public metadefs by default?