DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

Respect hierarchy in ACL definitions #2042

Open rkg-mm opened 2 years ago

rkg-mm commented 2 years ago

Current Behavior:

With the implementation of #84, project hierarchies actually become relevant. For notifications, we introduce respecting the hierarchy by including children in a notification rule with https://github.com/DependencyTrack/dependency-track/pull/2013. But for ACLs this is not yet possible, and each version needs to be defined separately.

Proposed Behavior:

If a team is given access to a project via ACL, any children of this project should be covered automatically, too.

To be considered:

This needs to be performant and able to handle big hierarchies without slowing down, e.g., the portfolio overview.

tosicky commented 5 days ago

+1

netomi commented 4 days ago

This feature would be highly appreciated. The portfolio access management as it is right now is not that useful.

E.g. you model your projects in a hierarchical manner, where different teams have access to different top-level projects. Now you need to grant each team access to all child projects of a tlp for them in order to access them. If a new version of a child project is being created, this new project needs to be explicitly added to the list of projects the team can access.

Also not sure how it would work to autocreate new versions of a project with this feature enabled, need to test that.
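The behaviour proposed in the issue (a team's ACL grant on a project also covering every descendant) and the concern raised in the last comment (whether a newly created child version is covered automatically) can both be illustrated with a small model. The following is an added example written for this page; it is not Dependency-Track code and does not use its data model or API. Project uuids, names, versions and team names are constructed sample data, and the `HierarchicalAcl` class and its methods are hypothetical. Versions are modelled as children of their parent project, as described in the issue, and access is resolved by checking whether a team holds a direct grant on the project or on any of its ancestors. The ancestor chain is cached per project, so a check costs one walk up the tree per project rather than a scan of the whole portfolio, which is the performance property the issue asks for.

```python
"""Hierarchical ACL resolution for a project tree.

Added example, not Dependency-Track code. All project/team identifiers are
constructed sample data; the class and method names are hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Project:
    """A project; a version is modelled as a child of its parent project."""
    uuid: str
    name: str
    version: Optional[str] = None
    parent: Optional[str] = None  # uuid of the parent project, if any


class HierarchicalAcl:
    """Team -> project grants where a grant on a project covers every descendant.

    Access checks walk the project's (cached) ancestor chain, so the cost is
    proportional to the depth of the hierarchy, not to the number of projects.
    """

    def __init__(self) -> None:
        self._projects: dict[str, Project] = {}
        self._grants: dict[str, set[str]] = {}          # team -> direct grants
        self._chain_cache: dict[str, frozenset[str]] = {}

    def add_project(self, project: Project) -> None:
        if project.parent is not None and project.parent not in self._projects:
            raise KeyError(f"unknown parent {project.parent}")
        self._projects[project.uuid] = project
        # Adding a child never changes an existing project's ancestor chain,
        # so cached chains stay valid; the new project just has no entry yet.

    def grant(self, team: str, project_uuid: str) -> None:
        if project_uuid not in self._projects:
            raise KeyError(f"unknown project {project_uuid}")
        self._grants.setdefault(team, set()).add(project_uuid)

    def ancestors_and_self(self, project_uuid: str) -> frozenset[str]:
        """Return the project's uuid plus the uuids of all its ancestors."""
        cached = self._chain_cache.get(project_uuid)
        if cached is not None:
            return cached
        chain: list[str] = []
        seen: set[str] = set()
        current: Optional[str] = project_uuid
        while current is not None:
            if current in seen:  # defensive: a malformed hierarchy must not loop forever
                raise ValueError(f"cycle in project hierarchy at {current}")
            seen.add(current)
            chain.append(current)
            current = self._projects[current].parent
        result = frozenset(chain)
        self._chain_cache[project_uuid] = result
        return result

    def has_access(self, team: str, project_uuid: str) -> bool:
        granted = self._grants.get(team)
        if not granted:
            return False
        # A direct grant on the project itself or on any ancestor suffices.
        return not granted.isdisjoint(self.ancestors_and_self(project_uuid))

    def accessible_projects(self, team: str) -> list[str]:
        return sorted(p for p in self._projects if self.has_access(team, p))


def build_sample_portfolio() -> HierarchicalAcl:
    """Constructed sample: two top-level projects with versioned children."""
    acl = HierarchicalAcl()
    acl.add_project(Project("tlp-a", "Payments"))
    acl.add_project(Project("a-1", "Payments", "1.0", parent="tlp-a"))
    acl.add_project(Project("a-2", "Payments", "2.0", parent="tlp-a"))
    acl.add_project(Project("a-2-lib", "Payments Lib", "2.0", parent="a-2"))
    acl.add_project(Project("tlp-b", "Inventory"))
    acl.add_project(Project("b-1", "Inventory", "1.0", parent="tlp-b"))
    acl.grant("team-payments", "tlp-a")   # covers the whole Payments subtree
    acl.grant("team-inventory", "tlp-b")
    acl.grant("team-audit", "a-2-lib")    # narrow grant deep in the tree
    return acl


def new_version_is_covered(acl: HierarchicalAcl) -> bool:
    """Create a new version under tlp-a and check it is reachable without a new grant."""
    acl.add_project(Project("a-3", "Payments", "3.0", parent="tlp-a"))
    return acl.has_access("team-payments", "a-3")


if __name__ == "__main__":
    portfolio = build_sample_portfolio()
    for team in ("team-payments", "team-inventory", "team-audit"):
        print(team, portfolio.accessible_projects(team))
    print("new version covered:", new_version_is_covered(portfolio))
```

A grant stays attached to the project it was made on; nothing is copied to children, so a new version appearing under a granted parent is covered the moment it exists, and revoking the parent grant revokes the whole subtree in one step. Upward walks are what make this cheap: the alternative of materialising every descendant per grant grows with the portfolio and has to be rebuilt whenever a project is added or moved.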