Skip to content

Roles as a Resource support for RBAC #726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Tracked by #672
misskniss opened this issue Mar 30, 2022 · 5 comments
Closed
Tracked by #672

Roles as a Resource support for RBAC #726

misskniss opened this issue Mar 30, 2022 · 5 comments
Labels
api Area: HTTP API

Comments

@misskniss
Copy link

misskniss commented Mar 30, 2022
edited by Emyrk
Loading

Implement which roles can grant/delete which roles from other users. The desired method of doing this is to make each role (member, admin, etc) a specific resource. Then assign permissions to create/delete the role from a user. This would allow role assignments to be enforced from the rbac Authorize function.

As a stop gap, just have a hard coded list that on admin role can grant/delete roles.
@misskniss misskniss added this to the Community MVP milestone Mar 30, 2022
@misskniss misskniss mentioned this issue Mar 30, 2022
Closed
4 tasks
@misskniss
Copy link
Author

@tjcran I see you removed the missing-details on this one. I re-added it because the existing details are pretty thin including definition of done and technical details. I am sure I have done this to you elsewhere too.

@tjcran
Copy link

tjcran commented May 5, 2022

@tjcran I see you removed the missing-details on this one. I re-added it because the existing details are pretty thin including definition of done and technical details. I am sure I have done this to you elsewhere too.

@Emyrk is there a bit more detail you can add to the implementation? I see you added some detail. It's probably enough that you know what needs to be done but I think the idea is that anyone else would be able to pick this up and complete the work.

@misskniss misskniss mentioned this issue May 6, 2022
Closed
6 tasks
@misskniss
Copy link
Author

Hey team! Please add your planning poker estimate with ZenHub @Emyrk @f0ssel @johnstcn

@f0ssel
Copy link
Contributor

f0ssel commented May 17, 2022

@Emyrk is this still applicable?

@Emyrk
Copy link
Member

Emyrk commented May 17, 2022

@f0ssel it is if we add more roles. Essentially right now there is an AssignRole resource. If you have that permission, you can assign all roles.

If we want to say, role X can only assign roles Y, Z and not X, then we need this.

@misskniss misskniss mentioned this issue Jun 1, 2022
Closed
3 tasks
@misskniss misskniss removed this from the Enterprise MVP milestone Jul 22, 2022
@f0ssel f0ssel mentioned this issue Jul 28, 2022
Closed
@f0ssel f0ssel closed this as completed Jul 28, 2022
@f0ssel f0ssel closed this as not planned Won't fix, can't repro, duplicate, stale Jul 28, 2022
@DanyRay420 DanyRay420 mentioned this issue Feb 28, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api Area: HTTP API
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@misskniss @Emyrk @tjcran @kylecarbs @f0ssel