We are moving towards more granular login permissions based on roles. The main advantage is that this allow for more control over different permissions, for example, users added by SAML won't be able to do auth.credentials_login (and auth.social_service_account_login still to be done in balena-api). More over, this also allow for more control, for example, in the future I could see orgs configuring their users to only allow specific login methods (altough this is a stretch, the work here creates the foundation for it to be possible).
We are moving towards more granular login permissions based on roles. The main advantage is that this allow for more control over different permissions, for example, users added by SAML won't be able to do
auth.credentials_login
(andauth.social_service_account_login
still to be done in balena-api). More over, this also allow for more control, for example, in the future I could see orgs configuring their users to only allow specific login methods (altough this is a stretch, the work here creates the foundation for it to be possible).