-
-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permissions Deconstruction #1406
Permissions Deconstruction #1406
Comments
@zprebosnyak-lm Thanks a lot, this is awesome news! I understood the original issue as a request to integrate object level access control (where CRUD permissions could be assigned to individual projects). Is that covered with the work you did? If not, is that still something you need? Splitting the existing permissions according to CRUD makes sense to me, and it would not conflict with any future plans. If I understand the proposed changes correctly, it wouldn't even be a breaking change, since existing deployments could continue to function. Happy to have a look if you'd like to raise a PR. |
@nscuro Great! I will get a PR opened then. The ACL work from that other issue is not covered here, but ACL work is also something we want to contribute back. Long term goal is to leverage the ACL to scope teams to projects and then the permissions here would allow users to be scoped to different roles within that team. For example, some users in a team can manage access control for only their team. Others may have more developer type permissions such as creating tags or updating information about their team's projects without being able to delete/create projects, etc. The permission deconstruction is just a first step in that direction. |
Current Behavior
Hello, our team at Lockheed Martin has deployed and been playing with Hyades for a little bit (very cool product!) and we wanted to start a discussion on contributing back some permission updates we have made. Before dropping a giant PR on your team we wanted to make sure we weren't conflicting any of your future work / roadmap you all had in mind. It aligns with the ACL issue we have asked about before. Currently the permissions do not give granular enough control to scope users to different levels of access
Proposed Behavior
Deconstructing the permissions would allow users to be scoped to a role that they fit and align better with the CRUD operations each permission can perform. Below is the proposed permissions deconstruction.
We left the top level permission available. It acts as a catch all to perform any CRUD operation and remain backwards compatible with the current permission set.
We have implemented all the changes in the frontend and API server to test backwards compatibility and that the reactive views in the frontend still work as expected.
Thanks for taking the time to consider this and look forward to discussing!
Checklist
The text was updated successfully, but these errors were encountered: