AzBuilder / terrakube

Open source IaC Automation and Collaboration Software.
https://docs.terrakube.io
Apache License 2.0

Ability to manage granular workspace permissions for teams #847

Open SaamerS opened 4 months ago

SaamerS commented 4 months ago

Feature description 💡

Instead of manage workspace permission, two new permissions are added:

Each permission has the ability to select the workspaces that apply to that permission

ex.

Team 1 Admin of Terrakube: Has the ability to view/manage all workspaces
Team 2 Admin of X amount of workspaces
Team 3 Read of X amount of workspaces

This helps filter out larger organizations and manage RBAC at the workspace level.

Anything else?

No response

alfespa17 commented 4 months ago

If you add a team to an organization and you don't select any permission, it will have the same effect; it will only have "read access".

hfeixas commented 4 months ago

> If you add a team to an organization and you don't select any permission, it will have the same effect; it will only have "read access".

Correct - I think this is more like: could we extend a single organization to support several RBACs instead of having to sprawl to another org when we want multiple "Workspace Management" teams that will manage different subsets of workspaces?

alfespa17 commented 4 months ago

That could be an improvement, but I think it will require a lot of changes because of the way the Java framework (Elide) that we are using manages the access permissions for that part of the code.

If you want to do some automation for the team and org configuration, maybe you can use the Terrakube provider as an alternative if you need to manage a lot of orgs and teams:

https://registry.terraform.io/providers/AzBuilder/terrakube/latest/docs/resources/team
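The workaround discussed in this thread (one organization per group of workspaces, with teams created through the Terrakube provider), sketched as an added example that is not part of the thread or the project's own code. Organization names, group names and variables are hypothetical, and the attribute names are assumed from the provider's `terrakube_organization` and `terrakube_team` resource documentation, so check them against the installed provider version.

```hcl
terraform {
  required_providers {
    terrakube = { source = "AzBuilder/terrakube" }
  }
}

variable "terrakube_endpoint" { type = string }
variable "terrakube_token" {
  type      = string
  sensitive = true # keep the API token out of plan output
}

provider "terrakube" {
  endpoint = var.terrakube_endpoint
  token    = var.terrakube_token
}

# Constructed sample data: one organization per set of workspaces, each with
# a managing group and a read-only group (hypothetical names).
locals {
  orgs = {
    payments = { admins = "PAYMENTS_ADMINS", readers = "PAYMENTS_READERS" }
    platform = { admins = "PLATFORM_ADMINS", readers = "PLATFORM_READERS" }
  }
  # "No permission selected", which the thread says leaves read access only.
  none = { workspace = false, module = false, provider = false, vcs = false, template = false }
  # Per-group grants: only the admin group may manage workspaces.
  teams = merge([for org, g in local.orgs : {
    "${org}/${g.admins}"  = { org = org, name = g.admins, perms = merge(local.none, { workspace = true }) }
    "${org}/${g.readers}" = { org = org, name = g.readers, perms = local.none }
  }]...)
}

resource "terrakube_organization" "org" {
  for_each       = local.orgs
  name           = each.key
  description    = "Workspaces managed by ${each.value.admins}"
  execution_mode = "remote"
}

resource "terrakube_team" "team" {
  for_each         = local.teams
  name             = each.value.name
  organization_id  = terrakube_organization.org[each.value.org].id
  manage_workspace = each.value.perms.workspace
  manage_module    = each.value.perms.module
  manage_provider  = each.value.perms.provider
  manage_vcs       = each.value.perms.vcs
  manage_template  = each.value.perms.template
}
```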

hfeixas commented 4 months ago

> That could be an improvement, but I think it will require a lot of changes because of the way the Java framework (Elide) that we are using manages the access permissions for that part of the code.
>
> If you want to do some automation for the team and org configuration, maybe you can use the Terrakube provider as an alternative if you need to manage a lot of orgs and teams:
>
> https://registry.terraform.io/providers/AzBuilder/terrakube/latest/docs/resources/team

Okay - that is a fair point. Then I would pivot to say, as an admin logging in, it should be easy for me to navigate through hundreds/thousands of orgs. Which means we should have some filter/intelligent searching in the Organization dropdown, especially since orgs are slugged via UUID (as they should be) and not friendly names.

alfespa17 commented 4 months ago

Yeah, that could be a small change in the UI. I like that idea.

It will only need to update this part of the React code, I guess:

https://github.com/AzBuilder/terrakube/blob/main/ui/src/domain/Home/MainMenu.jsx

jderieg commented 3 weeks ago

> > If you add a team to an organization and you don't select any permission, it will have the same effect; it will only have "read access".
>
> Correct - I think this is more like: could we extend a single organization to support several RBACs instead of having to sprawl to another org when we want multiple "Workspace Management" teams that will manage different subsets of workspaces?

^ This would be a really nice feature-add!