TeskaLabs / seacat-auth

SeaCat Auth provides authentication, authorization, identity management, session management and other access control features.
GNU General Public License v3.0

Granular access control #190

Closed byewokko closed 1 year ago

byewokko commented 1 year ago

Seacat Admin API could use more granular access control. At the moment, most calls are either non-superuser or superuser-only. It should differentiate between read and write operations in the individual sub-APIs (tenant, role, credentials...).

Describe the solution you'd like

| Section | READ | EDIT | (SOFT) DELETE | OTHER |
| --- | --- | --- | --- | --- |
| Credentials | seacat:credentials:access | seacat:credentials:edit | seacat:credentials:edit | -- |
| Tenants | seacat:tenant:access | seacat:tenant:edit | seacat:tenant:delete | seacat:tenant:assign, seacat:tenant:create |
| Sessions | seacat:session:access | -- | seacat:session:terminate | -- |
| Roles | seacat:role:access | seacat:role:edit | seacat:role:edit | seacat:role:assign |
| Resources | seacat:resource:access | seacat:resource:edit | seacat:resource:edit | -- |
| Clients | seacat:client:access | seacat:client:edit | seacat:client:edit | -- |

byewokko commented 1 year ago

Resource seacat:tenant:create is not in use for now; creating users still requires superuser rights.
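
A fail-closed check built from the matrix proposed in this issue, as an added example (not SeaCat Auth's own code). The function names, the operation labels and the `authz:superuser` resource ID are assumptions; `seacat:tenant:create` is treated as superuser-only, following the last comment.

```python
# Added example, not project code.
SUPERUSER = "authz:superuser"  # assumption: superuser resource ID, not given on this page

# Proposed matrix, one row per section: operation=last segment of the resource ID.
# Cells marked "--" in the issue are omitted, so those operations are never granted.
TABLE = """
credentials read=access edit=edit delete=edit
tenant      read=access edit=edit delete=delete assign=assign
session     read=access delete=terminate
role        read=access edit=edit delete=edit assign=assign
resource    read=access edit=edit delete=edit
client      read=access edit=edit delete=edit
"""

# seacat:tenant:create exists in the proposal but is "not in use for now".
SUPERUSER_ONLY = {("tenant", "create")}


def build_matrix(table):
    """Map (section, operation) -> required resource ID."""
    matrix = {}
    for line in table.strip().splitlines():
        section, *cells = line.split()
        for cell in cells:
            operation, action = cell.split("=")
            matrix[(section, operation)] = f"seacat:{section}:{action}"
    return matrix


MATRIX = build_matrix(TABLE)


def is_authorized(granted, section, operation):
    """Superuser passes; everyone else needs the mapped resource, else deny."""
    granted = set(granted)
    if SUPERUSER in granted:
        return True
    if (section, operation) in SUPERUSER_ONLY:
        return False
    required = MATRIX.get((section, operation))
    return required is not None and required in granted


def effective_operations(granted):
    """List every mapped operation a set of resources unlocks (role audit)."""
    return sorted(key for key in MATRIX if is_authorized(granted, *key))
```

`effective_operations` makes one property of the proposal visible: outside the tenant and session sections, a role holding the `edit` resource can also soft-delete.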