# RBAC for the platform #

- Gerardo Garcia (Telefonica)
- Alfonso Tierno (Telefonica)
- Francisco Javier Ramon (Telefonica)

The NFV Orchestrator requires a significant set of capabilities and privileges
to perform all its required tasks: VNF onboarding, NS design & onboarding, NS
deployment, day-2 operation, NS shutdown, or addition of new datacenters/VIMs,
among others. However, not all of those tasks are expected to be performed by
the same user in the organization, since each of those stages may have
different implications in terms of service continuity, validation, license
consumption, access to credentials, etc.

Thus, for real operation, the system should allow the definition of different
roles, defined by an admin user, with different sets of privileges. Every user
should be mapped to at least one of these roles.

As a minimum, it is expected that the system should be able to enforce these

1. Allowed to onboard a VNF.
2. Allowed to onboard an NS.
3. Allowed to deploy an NS.
4. Allowed to operate an existing NS (call to primitives, receive monitoring
   data, etc.), except NS scaling.
5. Allowed to scale an NS.
6. Allowed to terminate an NS.
7. Allowed to customize the system and configure the roles.

By default, the admin/root role should have been assigned all the privileges

## Demo or definition of done ##

- Successful creation by an admin user of the role TECHNOLOGY with
  privileges #1, #2, #3, with a user (tech) on it.
- Successful creation by an admin user of the role OPERATIONS with
  privileges #3, #4, #5, #6, with a user (op) on it.
- Check that tech and op are allowed to run operations of the kind authorized
- Check that tech and op are not allowed to run operations not authorized in
- Check that users with the admin role support all the types of operations
  above (from #1 to #7).
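
The role model and the definition-of-done checks above, sketched as an added example (not the platform's own code). The `Rbac` class, its methods, and the `Priv` member names are hypothetical; the privilege numbers follow the list above, and unknown users or roles are denied by default.

```python
from enum import Enum

class Priv(Enum):  # numbering follows the privilege list on this page
    ONBOARD_VNF = 1
    ONBOARD_NS = 2
    DEPLOY_NS = 3
    OPERATE_NS = 4        # primitives, monitoring; excludes scaling
    SCALE_NS = 5
    TERMINATE_NS = 6
    CONFIGURE_SYSTEM = 7  # customize the system and configure roles

class AccessDenied(Exception):
    """Raised when a user lacks the privilege an operation needs."""

class Rbac:  # hypothetical class, not the platform's API
    def __init__(self, admin_user="admin"):
        self.roles = {"admin": frozenset(Priv)}  # admin holds every privilege
        self.user_roles = {admin_user: {"admin"}}

    def privileges(self, user):
        # Union over the user's roles; unknown users get nothing (default deny).
        privs = set()
        for role in self.user_roles.get(user, ()):
            privs |= self.roles.get(role, frozenset())
        return privs

    def is_allowed(self, user, priv):
        return priv in self.privileges(user)

    def require(self, user, priv):
        if not self.is_allowed(user, priv):
            raise AccessDenied(f"{user} lacks {priv.name}")

    def create_role(self, actor, name, privs):
        self.require(actor, Priv.CONFIGURE_SYSTEM)  # privilege #7 gates role changes
        self.roles[name] = frozenset(Priv(p) for p in privs)

    def add_user(self, actor, user, roles):
        self.require(actor, Priv.CONFIGURE_SYSTEM)
        roles = set(roles)
        if not roles or not roles.issubset(self.roles):
            raise ValueError("a user needs at least one existing role")
        self.user_roles[user] = roles

def demo():
    rbac = Rbac()  # constructed users and roles from the definition of done
    rbac.create_role("admin", "TECHNOLOGY", [1, 2, 3])
    rbac.create_role("admin", "OPERATIONS", [3, 4, 5, 6])
    rbac.add_user("admin", "tech", ["TECHNOLOGY"])
    rbac.add_user("admin", "op", ["OPERATIONS"])
    return rbac
```

Because `create_role` and `add_user` themselves require privilege #7, a user such as tech cannot grant itself a new role, which is the negative case the demo should also exercise.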