Closed zprebosnyak-lm closed 1 month ago
@zprebosnyak-lm Thanks a lot, this is awesome news!
I understood the original issue as a request to integrate object-level access control (where CRUD permissions could be assigned to individual projects). Is that covered with the work you did? If not, is that still something you need?
Splitting the existing permissions according to CRUD makes sense to me, and it would not conflict with any future plans. If I understand the proposed changes correctly, it wouldn't even be a breaking change, since existing deployments could continue to function.
Happy to have a look if you'd like to raise a PR.
@nscuro Great! I will get a PR opened then.
The ACL work from that other issue is not covered here, but ACL work is also something we want to contribute back. The long-term goal is to leverage the ACL to scope teams to projects, and then the permissions here would allow users to be scoped to different roles within that team. For example, some users in a team can manage access control for only their team. Others may have more developer-type permissions, such as creating tags or updating information about their team's projects without being able to delete/create projects, etc. The permission deconstruction is just a first step in that direction.
Current Behavior
Hello, our team at Lockheed Martin has deployed and been playing with Hyades for a little bit (very cool product!) and we wanted to start a discussion on contributing back some permission updates we have made. Before dropping a giant PR on your team, we wanted to make sure we weren't conflicting with any of the future work / roadmap you all had in mind. It aligns with the ACL issue we have asked about before. Currently the permissions do not give granular enough control to scope users to different levels of access.
Proposed Behavior
Deconstructing the permissions would allow users to be scoped to a role that they fit and align better with the CRUD operations each permission can perform. Below is the proposed permissions deconstruction.
We left the top-level permission available. It acts as a catch-all to perform any CRUD operation and remain backwards compatible with the current permission set.
We have implemented all the changes in the frontend and API server to test backwards compatibility and that the reactive views in the frontend still work as expected.
Thanks for taking the time to consider this and look forward to discussing!
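The backwards-compatible catch-all described in this issue, as an added sketch that is not code from the Hyades project or from the issue author. The permission names, the `PermissionCheck` class and the sample grants are illustrative assumptions, since the proposed permission list is not reproduced on this page.

```java
import java.util.EnumSet;
import java.util.Set;

public class PermissionCheck {

    // Illustrative names only: each CRUD-scoped permission points at the
    // top-level permission that implies it (null for a top-level permission).
    enum Permission {
        PORTFOLIO_MANAGEMENT(null),
        PORTFOLIO_MANAGEMENT_CREATE(PORTFOLIO_MANAGEMENT),
        PORTFOLIO_MANAGEMENT_READ(PORTFOLIO_MANAGEMENT),
        PORTFOLIO_MANAGEMENT_UPDATE(PORTFOLIO_MANAGEMENT),
        PORTFOLIO_MANAGEMENT_DELETE(PORTFOLIO_MANAGEMENT),
        ACCESS_MANAGEMENT(null),
        ACCESS_MANAGEMENT_READ(ACCESS_MANAGEMENT),
        ACCESS_MANAGEMENT_UPDATE(ACCESS_MANAGEMENT);

        final Permission parent;

        Permission(Permission parent) { this.parent = parent; }
    }

    /** True if the caller holds the required permission or its top-level catch-all. */
    static boolean isAllowed(Set<Permission> granted, Permission required) {
        // Walk upwards only: a scoped grant never implies a sibling or its parent.
        for (Permission p = required; p != null; p = p.parent) {
            if (granted.contains(p)) return true;
        }
        return false;
    }

    static void check(boolean ok) { if (!ok) throw new AssertionError(); }

    public static void main(String[] args) {
        // Constructed grants: an existing deployment and a narrowly scoped user.
        Set<Permission> legacyTeam = EnumSet.of(Permission.PORTFOLIO_MANAGEMENT);
        Set<Permission> developer = EnumSet.of(
                Permission.PORTFOLIO_MANAGEMENT_READ,
                Permission.PORTFOLIO_MANAGEMENT_UPDATE);

        check(isAllowed(legacyTeam, Permission.PORTFOLIO_MANAGEMENT_DELETE)); // old grant keeps working
        check(isAllowed(developer, Permission.PORTFOLIO_MANAGEMENT_UPDATE));
        check(!isAllowed(developer, Permission.PORTFOLIO_MANAGEMENT_DELETE)); // not granted
        check(!isAllowed(developer, Permission.PORTFOLIO_MANAGEMENT));        // no escalation to catch-all
        check(!isAllowed(legacyTeam, Permission.ACCESS_MANAGEMENT_UPDATE));   // different family
        System.out.println("all checks passed");
    }
}
```

The two denial cases are the ones worth regression-testing in any such split: a scoped grant must not satisfy a check for the catch-all, and a catch-all in one family must not satisfy checks in another.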