kafka-webview icon indicating copy to clipboard operation
kafka-webview copied to clipboard

Published 20 hours ago verified publisher icon SourceLabOrg

User Permission to Create Views

Open maximann opened this issue 6 years ago • 3 comments

First of all, great project. I just deployed it with a custom Apache Avro deserializer and everything works like a charm.

For my setup, I would like a little more flexibility in terms of user permissions. I do not want users to be able to modify topic settings, but I do want to give the ability to create views. This in effectively means I can not share admin access (since that gives too much power over cluster/topic configuration), but giving user permissions is not enough (since admins would have to create views for users). Is this something that could be changed easily? Happy to help with a PR if you send me some pointers.

maximann avatar Feb 05 '19 16:02 maximann

Glad to hear its working! 👍

In regards to the user permissions, I definitely see the value in more granular user permissions. I think a couple high level decisions need to be made first:

  • Can a user belong to only one group? Or multiple groups?
  • Do you assign permissions to feature sets? or can you also assign permissions to specific assets?
    • Basically the difference between being able to access all created Views, vs only specific Views allowed by your user's Group?

I'd probably argue to keep it simple, and only allow assigning permissions to groups based on feature set.

Thoughts?

Crim avatar Feb 07 '19 00:02 Crim

I think a big question to answer: Should the project strive to enable multi-tenant solutions? More precisely, should users be isolated from each other, and only admins be able to have a global view? This could get complicated quickly, as true multi-tenant solutions can have a hierarchy of permissions, i.e. a global admin, an admin for a group of user-groups, and finally a group member. If yes, then I think resource level permissions are required as well as multi group membership. If no, things are much simpler.

I agree with you that it's probably better to keep things simple and begin with the ability to map feature access to user groups. Possibly a new view to manage groups (CRUD) and assign feature access on a per-group basis.

maximann avatar Feb 07 '19 15:02 maximann

Hmm, I never really gave the thought of using it in a multi-tenant type situation, I wonder how common that use case would be, or if any other solutions exist that fill that need yet.

Even so, I think keeping it simple to start is good, and what you've outlined seems spot on.

If you're interested in contributing, I definitely welcome it! Let me know how I can help you get started :)

Crim avatar Feb 14 '19 07:02 Crim