As an administrator of the registry, I don't want ENG operator loading data to have administration authorizations

NASA-PDS / registry

PDS Registry provides service and software application necessary for tracking, searching, auditing, locating, and maintaining artifacts within the system. These artifacts can range from data files and label files, schemas, dictionary definitions for objects and elements, services, etc.

https://nasa-pds.github.io/registry

Apache License 2.0

3 stars 2 forks source link

As an administrator of the registry, I don't want ENG operator loading data to have administration authorizations #309

Closed tloubrieu-jpl closed 2 weeks ago

tloubrieu-jpl commented 3 months ago

💡 Description

We need to have 2 distinct groups for ENG node:

admin: authorized to create indexes...
operator: only read/write in the en-* indexes

⚔️ Parent Epic / Related Tickets

No response

sjoshi-jpl commented 3 months ago

We can have a PDS_ADMIN_USERS and PDS_ENG_USERS, both tied to different IAM roles. The ENG IAM role will only have read/write access to en-* indexes.

tloubrieu-jpl commented 2 weeks ago

@sjoshi-jpl I will close this ticket since the roles are created in production. However, we should eventually have a terraform script and a commit or PR to attach to the closed ticket or a link to a documentation. As a dev team this is inconfortable to close tickets without a produced artifact.