Add ability to group roles by namespace #93

Closed
billkalter opened this issue Feb 21, 2017 · 0 comments

What is the Issue?

Emo currently stores all rules in a flat namespace. This has worked well under the assumption that a single user, the administrator, is responsible for managing and assigning roles. However, the current move is toward a delegated administration system, where the administrator can create trusted API keys which themselves can create roles with limited permissions and assign those to API keys (see #63). To support this each API key must have a safe sandbox for creating and managing roles; it would be dangerous to have a flat all-or-nothing system where any user with permission to update roles could update any role in the system.

The issue being documented here is a prerequisite to the permissions aspect. There should be the ability to group related roles by a common namespace. With this in place it would be possible to grant an API key permission such as "manage roles in namespace X" or "assign roles in namespace X". This way the API key would have a safe sandbox for role administration without permission to manage or assign roles outside of that sandbox.

Risk

By itself the ability to group roles by namespace is low. The riskiest aspects of this change are:

  1. Ensuring backwards compatibility with existing role permissions and/or an upgrade/migration procedure which can be performed with no downtime.
  2. Ensuring that roles with the same name in different namespaces do not collide.

Level

Medium

Issue Checklist

  • Make sure to label the issue.

  • Well documented description of use-cases and bugs.
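
A sketch of the namespaced role model requested above, added here as an illustration; it is not part of the original issue and is not Emo's code. Every name in it (`RoleId`, `ApiKey`, `RoleStore`, the `ns/name` syntax, the `_` legacy namespace, the `*` wildcard and the permission strings) is a hypothetical assumption. It shows the two risk points from the issue: legacy flat role names still resolve, and same-named roles in different namespaces do not collide.

```python
from dataclasses import dataclass

# Hypothetical namespace for roles created before namespaces existed, so that
# existing flat role names keep resolving without a migration step.
LEGACY_NAMESPACE = "_"

@dataclass(frozen=True)
class RoleId:
    namespace: str
    name: str

    @classmethod
    def parse(cls, text):
        """'ns/name' -> RoleId; a bare legacy 'name' maps to LEGACY_NAMESPACE."""
        namespace, sep, name = text.partition("/")
        if not sep:
            namespace, name = LEGACY_NAMESPACE, text
        if not namespace or not name or "/" in name:
            raise ValueError(f"invalid role id: {text!r}")
        return cls(namespace, name)

@dataclass
class ApiKey:
    label: str
    # Namespaces this key may manage roles in; "*" stands for the administrator.
    manage_namespaces: frozenset = frozenset()

    def can_manage(self, role):
        return "*" in self.manage_namespaces or role.namespace in self.manage_namespaces

class RoleStore:
    def __init__(self):
        self._roles = {}  # keyed by (namespace, name), so equal names cannot collide

    def put_role(self, actor, role_text, permissions):
        role = RoleId.parse(role_text)
        if not actor.can_manage(role):  # the sandbox boundary
            raise PermissionError(f"{actor.label} may not manage roles in {role.namespace!r}")
        self._roles[role] = set(permissions)
        return role

    def get_role(self, role_text):
        return self._roles.get(RoleId.parse(role_text))

if __name__ == "__main__":
    # Constructed sample data.
    store, team = RoleStore(), ApiKey("team-x", frozenset({"x"}))
    store.put_role(ApiKey("admin", frozenset({"*"})), "reader", {"perm-a"})
    store.put_role(team, "x/reader", {"perm-b"})
    print(store.get_role("reader"), store.get_role("x/reader"))
```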
