Authorization feature spec #76
base: main
Signed-off-by: Zach Casper <[email protected]>
Overall this is a great start, many details that nicely clarify things. I suggest adding a table to illustrate the matrix of roles and permissions you propose to put in place to help summarize things a bit.
# Grant permissions to CRUDL applications in the scoped resource group | ||
- Applications.Core/applications/* | ||
# Restrict using any resource type except those in the MyCompany.App namespace | ||
- MyCompany.App/* |
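Review bot: the comment above `- MyCompany.App/*` reads "Restrict using any resource type except those in the MyCompany.App namespace", yet the entry sits in the same list as `- Applications.Core/applications/*`, which the preceding comment describes as a grant and which is outside that namespace. As written it is unclear whether this is an allow list with everything unlisted denied, or whether the second entry behaves differently from the first. Suggest rewording the second comment along the lines of "Allow only resource types in the MyCompany.App namespace", stating explicitly that anything not listed is denied, and saying what the trailing `*` matches in each entry.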
Just thinking aloud, but it would be really fun to demo this with a `rad role-definition edit` (like `kubectl edit`).
I think that creates a really strong narrative about customization.
|
||
> [!NOTE] | ||
> | ||
> The UI should refer to resources with the fully qualified name unless the resource group context is obvious. In the examples below, The application is referred to as "getting-started" since the "app-getting-started" resource group was referenced. But the environment is referred to as "env-default/my-kube-context" since it was not previous referenced. |
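Review bot: in the NOTE text, "In the examples below, The application" has a stray capital on "The", and "since it was not previous referenced" should read "previously referenced". The rule itself hinges on "unless the resource group context is obvious", which leaves each implementer to decide what counts as obvious; suggest defining it, for example as the resource group having already been named earlier in the same output, which is what the two examples in the note imply.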
+1
This is an obvious improvement we can make to a bunch of experiences.