Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tag / Agent permissions #1158

Closed
5 tasks
moshloop opened this issue Oct 25, 2024 · 0 comments · Fixed by #1162
Closed
5 tasks

Tag / Agent permissions #1158

moshloop opened this issue Oct 25, 2024 · 0 comments · Fixed by #1162
Assignees
@adityathebe
Milestone
v1.0.0

Comments

@moshloop
Copy link
Member

moshloop commented Oct 25, 2024
edited by adityathebe
Loading

Allow permissions on tag or agent so that users can only see components / configs that they have access to

e.g. using https://docs.postgrest.org/en/v12/explanations/db_authz.html

Casbin

  • Will need a role called user that provides an empty interface
  • Add casbin conditions

RLS

  • Will need to inject the conditions that a user can access into the JWT claims passed to postgrest so that they can be used with row level security
  • /api/catalog, /api/topology, /api/resources/search will need to be wrapped in a db session that mimics what postgrest does
  • Add feature flag (db.rowLevelSecurity) to turn on and off row level security
@moshloop moshloop added this to the v1.0.0 milestone Oct 25, 2024
@moshloop moshloop changed the title Scraper / Topology permissions Tag / Agent permissions Oct 25, 2024
@adityathebe adityathebe linked a pull request Dec 25, 2024 that will close this issue
feat: RLS #1162
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adityathebe adityathebe

Labels
None yet
Projects
None yet
Milestone
v1.0.0
Development

Successfully merging a pull request may close this issue.

feat: RLS flanksource/duty
2 participants
@moshloop @adityathebe