janus-idp / backstage-plugins

Plugins for Backstage
https://janus-idp.io
Apache License 2.0
145 stars 147 forks

RBAC plugin #1994

Open dasari008 opened 2 months ago

dasari008 commented 2 months ago

RBAC Policy to allow every user read access does not work

I have installed the RBAC plugin and defined a default policy using a CSV file. I'm not quite familiar with the Casbin rule format, but I think the policy I have defined here states that I want to allow every user the read action for the catalog-entity read resource.

p, *, catalog-entity, read, allow

Expected Behavior

The permission catalog-entity.read is denied for the user user:default/<my-username>

What are the steps to reproduce this bug?

Install the rbac backend plugin and set the policy as defined above in a csv file.

The app-config.local yaml file

permission:
   enabled: true
   rbac:
     pluginsWithPermissions:
        - catalog
        - scaffolder
        - permission
     policies-csv-file:  <absolute-path-of-the-csv-file-where-the-policy-is-defined>
     admin:
        superUsers:
           - name: user:default/<some-other-username>

Versions of software used and environment

Local development, Node 18, Backstage version 1.29

PatAKnight commented 2 months ago

Sorry, we do not have support for wildcards at the moment. To be able to add the permission catalog.entity.read to your user user:default/<my-username>, you will need to create a role that can then be added to that permission.

g, user:default/<my-username>, role:default/some-role
p, role:default/some-role, catalog-entity, read, allow

Some more examples can be found here

dasari008 commented 2 months ago

@PatAKnight No issues, and thanks for letting me know. The issue is that assigning individual users to a role is a very tiresome process when we have thousands of users. I see this issue here is what I'm also looking for. Hopefully we will have this feature in the future.
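
The role-based workaround from the reply above, generated for a whole user list and checked before deployment. This is an added example, not part of the thread or of the RBAC plugin's code: the function names and the sample users are hypothetical, and `isAllowed` is a simplified literal-match model, not the plugin's enforcer.

```javascript
// Added example, not code from the RBAC plugin. Function names are hypothetical.
const USER_REF = /^user:[a-z0-9-]+\/[a-z0-9._-]+$/i;

// Constructed sample input; a real list would come from your identity source.
const sampleUsers = ['user:default/alice', 'user:default/bob', 'user:default/alice'];

// One "g" line per distinct user, then a single "p" line for the shared role.
function buildPolicyCsv(users, role, resource, action) {
  const lines = [];
  for (const user of new Set(users)) {
    if (!USER_REF.test(user)) throw new Error(`not a user entity ref: ${user}`);
    lines.push(`g, ${user}, ${role}`);
  }
  lines.push(`p, ${role}, ${resource}, ${action}, allow`);
  return lines.join('\n') + '\n';
}

// Split CSV text into trimmed field arrays, skipping blank lines.
function parsePolicy(csv) {
  return csv.split('\n').map(l => l.trim()).filter(Boolean)
    .map(l => l.split(',').map(f => f.trim()));
}

// Flag "p" rules with a wildcard subject, which the thread says is unsupported.
function lintPolicy(csv) {
  return parsePolicy(csv)
    .filter(([type, subject]) => type === 'p' && subject === '*')
    .map(row => `wildcard subject is not supported: ${row.join(', ')}`);
}

// Simplified literal-match model of the role pattern (assumption: this is
// not the plugin's enforcer): a user is allowed only through a role.
function isAllowed(csv, user, resource, action) {
  const rows = parsePolicy(csv);
  const roles = new Set(rows.filter(r => r[0] === 'g' && r[1] === user).map(r => r[2]));
  return rows.some(r => r[0] === 'p' && roles.has(r[1]) &&
    r[2] === resource && r[3] === action && r[4] === 'allow');
}

const csv = buildPolicyCsv(sampleUsers, 'role:default/some-role', 'catalog-entity', 'read');
console.log(csv);
console.log(lintPolicy('p, *, catalog-entity, read, allow'));
```

Regenerate the file whenever the user list changes, since a user with no `g` line for the role is denied.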