search

eve-seat / seat

SeAT 0x. [UNSUPPORTED]
https://github.com/eveseat/seat
MIT License
69 stars 38 forks source link

[Suggestion] Recruiters permission shouldn't provide access to certain api keys #357

Closed Nutbolt52 closed 7 years ago

Nutbolt52 commented 9 years ago

If I assign someone the recruiters permission they can see directors/ceo and corp api keys. This is not ideal. I love my recruiters but I don't love them that much :p

I suggest recruiters have limited access to API keys. Either as KasliCatal (in IRC) has done and limit so they can only see what they have entered; OR limit to simply anyone who is in the same corp as the recruiter and isn't a director and never show corp api keys to them.

ccatlett1984 commented 9 years ago

Discussion point: What about using the "permissions" a "person" has assigned to them via a group?

I'm a CEO (I have delegated permissions to this group for management of all keys of that corp), I can delete/view any key that has a toon in my corp associated with it.

I'm a Recruiter (I've been delegated permissions to non-sensitive keys of that corp. Sensitive would be keys belonging to users in groups that i specified.) I can't delete/view the keys of Directors or CEO's.

Nutbolt52 commented 9 years ago

Sounds good. Further point: depends on the overall permissions (out of loop atm) changes but perhaps a hierarchical system. If in certain group or above, then can't see keys might require less admin work for ceos and directors

-------- Original message -------- From: ccatlett1984 notifications@github.com Date: 24/03/2015 3:42 pm (GMT+01:00) To: eve-seat/seat seat@noreply.github.com Cc: Adam Jackson adam@nutbolt.eu Subject: Re: [seat] [Suggestion] Recruiters permission shouldn't provide access to certain api keys (#357)

Discussion point: What about using the "permissions" a "person" has assigned to them via a group?

I'm a CEO (I have delegated permissions to this group for management of all keys of that corp), I can delete any key that has a toon in my corp associated with it.

I'm a Recruiter (I've been delegated permissions to non-sensitive keys of that corp. Sensitive would be keys belonging to users in groups that i specified.) I can't delete/view the keys of Directors or CEO's.

Reply to this email directly or view it on GitHubhttps://github.com/eve-seat/seat/issues/357#issuecomment-85534385.