RBAC - Githubissues

aenix-io / cozystack

Free and Open Source PaaS-platform for seamless management of virtual machines, managed Kubernetes, and Databases-as-a-Service

https://cozystack.io

Apache License 2.0

780 stars 44 forks source link

RBAC #344

Open matthieu-robin opened 2 weeks ago

matthieu-robin commented 2 weeks ago

Users management and restriction per tenant

kvaps commented 2 weeks ago

Hi @matthieu-robin could you please describe which exactly permissions you want to manage using RBAC model? It would be nice if you can provide user-story: "As Cozystack administrator I want to ..."

Initial design presumed that OIDC users and groups could be assigned per-tenant. And in tenant-configuration you can define which applications with specific values could be deployed.

Would it be enough from your point of view?

matthieu-robin commented 2 weeks ago

As Cozystack administrator I want to ...

Grant access to a final user only to his own tenant
Create some roles ( read only, deploy, modify deployed app/service,...)
Create users per tenant

Let me know if I'm not clear enough

kvaps commented 2 weeks ago

Very clear, thank you!