opentdf / platform

Persistent data centric security that extends owner control wherever data travels
BSD 3-Clause Clear License

fix(authz): update casbin policy for ERS #1734

Closed elizabethhealy closed 1 week ago

elizabethhealy commented 2 weeks ago

Proposed Changes

Checklist

Testing Instructions

jrschumacher commented 2 weeks ago

@elizabethhealy, @cassandrabailey293 and I were talking about making a change to OpenTDF to only have admin and standard roles.

Admin can mutate anything even unsafe. Standard can read anything.

Any defaults needed in non-opentdf projects should live there. Do you think this would be the opportune time to implement this with your PR?

```
## Roles (prefixed with role:)
# admin - admin
# standard - standard
# unknown - unknown role or no role

## Actions
# read - read the resource
# write - write to the resource
# delete - delete the resource
# unsafe - unsafe actions

## Role: Admin
p,  role:admin,       *,                                *,      allow

## Role: Standard
p,  role:standard,    *,                             read,      allow
p,  role:standard,    kasregistry.*,                 read,      allow
p,  role:standard,    /v1/authorization,                *,      allow
p,  role:standard,    /v1/token/authorization,          *,      allow
p,  role:standard,    kas.AccessService/Rewrap,         *,      allow
p,  role:standard,    /kas/v2/rewrap,                   *,      allow

## Public routes
p,  role:unknown,     kas.AccessService/Rewrap,         *,      allow
p,  role:unknown,     /kas/v2/rewrap,                   *,      allow
```
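
Added example, not part of the thread or the project's code: a small Go evaluator for the policy proposed in the comment above, showing which requests it allows and which rule is redundant. The matcher (a trailing `*` is a prefix wildcard, default deny) is an assumption because the page does not show the Casbin model, and the `example.Service/...` resource names are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is one "p" line (role, resource, action); every rule on the page has effect "allow".
type Rule struct{ Sub, Res, Act string }

// Policy is the proposal from the comment above, transcribed as posted.
var Policy = []Rule{
	{"role:admin", "*", "*"},
	{"role:standard", "*", "read"},
	{"role:standard", "kasregistry.*", "read"},
	{"role:standard", "/v1/authorization", "*"},
	{"role:standard", "/v1/token/authorization", "*"},
	{"role:standard", "kas.AccessService/Rewrap", "*"},
	{"role:standard", "/kas/v2/rewrap", "*"},
	{"role:unknown", "kas.AccessService/Rewrap", "*"},
	{"role:unknown", "/kas/v2/rewrap", "*"},
}

// match is an ASSUMED matcher (model not shown on the page): trailing "*" = prefix wildcard, else exact.
func match(pattern, value string) bool {
	wild := strings.HasSuffix(pattern, "*")
	return pattern == value || (wild && strings.HasPrefix(value, strings.TrimSuffix(pattern, "*")))
}

// Allowed is default-deny: true only if some rule in rules matches all three fields.
func Allowed(rules []Rule, role, res, act string) bool {
	for _, r := range rules {
		if r.Sub == role && match(r.Res, res) && match(r.Act, act) {
			return true
		}
	}
	return false
}

// Shadowed reports whether rule i is already covered by an earlier rule (redundant).
func Shadowed(i int) bool {
	p := Policy[i]
	return Allowed(Policy[:i], p.Sub, p.Res, p.Act)
}

func main() {
	// "example.Service/Update" is a constructed resource name, not one of the project's.
	fmt.Println(Allowed(Policy, "role:standard", "example.Service/Update", "write"), Shadowed(2)) // false true
}
```

Under the assumed matcher, the `kasregistry.*, read` rule is already covered by `*, read`, and the `*` action on the four standard routes also covers `unsafe` on those routes.
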

elizabethhealy commented 1 week ago

@jrschumacher @cassandrabailey293 ya I think that makes sense, we don't really use org-admin in opentdf, I'll refactor the PR

elizabethhealy commented 1 week ago

closing in favor of https://github.com/opentdf/platform/pull/1740