Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tag / Agent permissions #1158

Open
5 tasks
moshloop opened this issue Oct 25, 2024 · 0 comments · May be fixed by #1162
Open
5 tasks

Tag / Agent permissions #1158

moshloop opened this issue Oct 25, 2024 · 0 comments · May be fixed by #1162
Assignees
Milestone

Comments

@moshloop
Copy link
Member

moshloop commented Oct 25, 2024

Allow permissions on tag or agent so that users can only see components / configs that they have access to

e.g. using https://docs.postgrest.org/en/v12/explanations/db_authz.html

Casbin

  • Will need a role called user that provides an empty interface
  • Add casbin conditions

RLS

  • Will need to inject the conditions that a user can access into the JWT claims passed to postgrest so that they can be used with row level security
  • /api/catalog, /api/topology, /api/resources/search will need to be wrapped in a db session that mimics what postgrest does
  • Add feature flag (db.rowLevelSecurity) to turn on and off row level security
@moshloop moshloop added this to the v1.0.0 milestone Oct 25, 2024
@moshloop moshloop changed the title Scraper / Topology permissions Tag / Agent permissions Oct 25, 2024
@adityathebe adityathebe linked a pull request Dec 25, 2024 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants