appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0
32.44k stars 3.51k forks

[Feature]: Make default permission for new added Resources as false #34449

Open eric-spt opened 3 weeks ago

eric-spt commented 3 weeks ago

Is there an existing issue for this?

Summary

We have recently created a new Page in our Appsmith Application, and we realise that all existing Appsmith Roles get access to all resources associated with the page by default.

To help the team better visualise the issue, we have Role A that has access to Page 1 and all resources of Page 1. The Role setup for Role A looks something like this:

We have added a new Page 2, and Role A automatically gets access to Page 2 and all of its resources. The Role setup for Role A now looks something like this:

According to the Principle of Least Privilege, the expected result is that the Role setup for Role A should remain unchanged when a new page is added. The current behaviour can provide undesired access to all existing roles, which is not ideal for an application that's in production.

To maintain backward compatibility, we suggest having a toggle to provide the ability to enable the behavior mentioned above so that any existing clients can have their existing RBAC setup unaffected and adopt gradually if they see fit.

More info in this Slack thread.

Why should this be worked on?

We understand from support that permissions for new pages are inherited from the parent (i.e. App-level permissions). While that is applicable to an application without any RBAC concern (e.g. a small-scale application), it is not usable for any application with a large number of roles (e.g. 50+), as all roles need to be updated upon adding any new pages.

Besides, according to the Principle of Least Privilege, we do not provide any access to any role until it's necessary. The current behaviour can provide undesired access to all existing roles, which is not ideal for any critical application that's in production.

Nikhil-Nandagopal commented 3 weeks ago

@eric-spt I believe you can control this today by simply selecting only the pages you want to give permissions to and it will ensure that no future pages get that permission. Simply uncheck the permission at the application level and check it only at the page level.

eric-spt commented 3 weeks ago

@Nikhil-Nandagopal I am currently on a different email thread with the team, and the suggested solution is an issue for us. Without providing the Workspace and App-level permissions, the user account wouldn't be able to see the Application at all, rendering the permission created useless.