Implement scoping for RBAC - APIs merged with User Roles #722


Closed
Tracked by #672
misskniss opened this issue Mar 30, 2022 · 3 comments
Labels
api Area: HTTP API

Comments


misskniss commented Mar 30, 2022

This is to allow tokens to restrict the scope of the permissions the user has. The token should always restrict the permission set to a subset of permissions. It should never allow privilege escalation.

Example: A devurl token would have *.devurl.*.read to only allow reading of devurls.

Implementation notes

To prevent privilege escalation, just run Authorize() on both the user's permissions and the token's.

@misskniss misskniss changed the title from "Implement scoping for RBAC - API's merged with User Roles" to "Implement scoping for RBAC - APIs merged with User Roles" Mar 30, 2022
@misskniss misskniss added this to the Community MVP milestone Mar 30, 2022
@misskniss misskniss mentioned this issue Mar 30, 2022
4 tasks
@misskniss misskniss mentioned this issue May 6, 2022
6 tasks
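
The double check from the implementation notes above, as an added Go example that is not part of the thread or the project's code. `Authorize` here is a hypothetical stand-in for the function the issue names; the one-segment meaning of `*` and the `site`/`org` prefixes are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var ErrDenied = errors.New("rbac: denied")

// matches reports whether a dotted pattern such as "*.devurl.*.read" covers a
// concrete permission. Assumed semantics: "*" matches exactly one segment.
func matches(pattern, perm string) bool {
	p, q := strings.Split(pattern, "."), strings.Split(perm, ".")
	ok := len(p) == len(q)
	for i := 0; ok && i < len(p); i++ {
		ok = p[i] == "*" || p[i] == q[i]
	}
	return ok
}

// Authorize (hypothetical stand-in) allows perm only if some granted pattern
// covers it. An empty or nil set denies everything, so it fails closed.
func Authorize(granted []string, perm string) error {
	for _, g := range granted {
		if matches(g, perm) {
			return nil
		}
	}
	return ErrDenied
}

// AuthorizeScoped requires both checks to pass, so a token scope can narrow
// the user's permissions but never add to them.
func AuthorizeScoped(userPerms, tokenScope []string, perm string) error {
	if err := Authorize(userPerms, perm); err != nil {
		return fmt.Errorf("user permissions: %w", err)
	}
	if err := Authorize(tokenScope, perm); err != nil {
		return fmt.Errorf("token scope: %w", err)
	}
	return nil
}

func main() {
	user := []string{"site.devurl.*.read", "site.devurl.*.update"} // constructed sample
	token := []string{"*.devurl.*.read"}                            // scope from the issue
	for _, p := range []string{"site.devurl.a.read", "site.devurl.a.update", "org.devurl.a.read"} {
		fmt.Println(p, "->", AuthorizeScoped(user, token, p))
	}
}
```

The third permission is covered by the token's pattern but not by the user's, and is still denied: a scope broader than the user's own permissions grants nothing extra.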
@misskniss
Author

Hey team! Please add your planning poker estimate with ZenHub @Emyrk @f0ssel @johnstcn

@misskniss
Author

We are not doing workspace agent tokens so we do not need this issue right now.

@misskniss misskniss removed this from the Community MVP milestone May 26, 2022
@Emyrk
Member

Emyrk commented May 26, 2022

Workspace agent tokens have their own auth flow/tokens. RBAC is not handling the scoping.

@misskniss misskniss added this to the Enterprise MVP milestone May 26, 2022
@misskniss misskniss mentioned this issue Jun 1, 2022
3 tasks
@misskniss misskniss removed this from the Enterprise MVP milestone Jul 22, 2022
@f0ssel f0ssel closed this as completed Jul 28, 2022
@f0ssel f0ssel closed this as not planned Jul 28, 2022