timestored / pulseui

Real-time interactive database applications
https://www.timestored.com/pulse/

Security - KDB User perms per conn #70

Open ryanhamilton opened 1 year ago

ryanhamilton commented 1 year ago

Users: user-ph user-il

Note: We had previously said perms should be handled at database access level with ((USER)) passthrough. Special connection and permission handling required for kdb. A few different unclear asks currently.

Other users - Want separate groups/teams so that not all users can view all dashboards.

user-ph -

user-il -

ryanhamilton commented 1 year ago

Restrict Access to Server subsets

Not giving a normal user a connection to tickerplant. Production support user does. e.g. user-il wants support to access tasks server to view/kick off tasks but NOT normal users.

OptionA - Restrict which users can access which data sources

OptionB - Pass through "connect as user". i.e. not generic shared handle, specific to user.

OptionC - ((USER))/prequery ? - >>Requires adding that logic everywhere.

Much nicer for users to only see what they can actually query!

Agreed: Ryan to implement A to at least admin level. Separately user-il is going to implement C anyway to have user level logging.
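A sketch of Option A as discussed in the comment above, added here as an example and not taken from Pulse's code: a deny-by-default allow-list per data source that drives both what a user sees and what the server will dispatch, with a per-user audit record. The `Gateway` class, the role names, the `hdb` connection and the sample users are all hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical connection names and roles; "tasks" and "tickerplant" follow the issue text.
CONNECTION_ROLES = {
    "hdb": {"user", "support", "admin"},
    "tasks": {"support", "admin"},
    "tickerplant": {"support", "admin"},
}

@dataclass
class User:
    name: str
    roles: frozenset

@dataclass
class Gateway:
    acl: dict
    audit: list = field(default_factory=list)

    def allowed(self, user, conn):
        # Deny by default: a connection with no ACL entry is reachable by nobody.
        return bool(self.acl.get(conn, set()) & user.roles)

    def visible_connections(self, user):
        # What the UI lists: only the sources this user can actually query.
        return sorted(c for c in self.acl if self.allowed(user, c))

    def run(self, user, conn, query, execute):
        # Enforce at dispatch time on the server; hiding a connection
        # in the UI is not an access control by itself.
        ok = self.allowed(user, conn)
        self.audit.append((user.name, conn, "allow" if ok else "deny"))
        if not ok:
            raise PermissionError(f"{user.name} may not use connection {conn}")
        return execute(conn, query)

def demo():
    gw = Gateway(CONNECTION_ROLES)
    normal = User("alice", frozenset({"user"}))    # constructed sample users
    support = User("bob", frozenset({"support"}))
    return gw.visible_connections(normal), gw.visible_connections(support)
```

`execute` stands in for whatever actually sends the query over the shared handle; the check and the audit entry happen before it is called.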