Open alternone opened 3 weeks ago
I'm currently evaluating fine-grained permissions and roles for better user management. The main reason why I look into the topic is that a session will be provided with a session token that can be used against the API (https://github.com/DSD-DBS/capella-collab-manager/pull/1710). A full scope session token would be too dangerous, therefore it should only have a limited set of permissions.
In my current approach, it would then also be possible to modify the permissions for the existing roles (support for custom roles will be added later). In your case, you'd remove the CREATE_PROJECT permission for the global role "user".
But just some initial thoughts and not yet implemented.
@MoritzWeber0 how can the CREATE_PROJECT permission be removed for a user? (database, UI, REST)?
@MoritzWeber0 how can the CREATE_PROJECT permission be removed for a user? (database, UI, REST)?
Would be via UI and REST.
Currently in Capella Collabroration Manager "Any user can create a project." which offers large flexibility. In opposite from an ISMS (Information Security Management System) perspective and also maintenance perspective this can lead very quickly to an unmanageable list of projects.
Thus we would like to have a checkbox to disable "User-based Project Creation" in order to:
I like the flexible idea to start and to spread the solution inside a company. For larger deployments we need a more controlled environment with clear mappings and naming conventions.