boundary
boundary copied to clipboard
hashicorp
Roles are not working as expected
Describe the bug
A user is inside two different groups, for example: admins and developers.
In the global scope the group 'admins' is linked to the GlobalAdmin role, whose permissions are:
ids=*;type=*;actions=*
And inside a project, the group developers which is linked to a role that has the following permissions:
ids=ttcp_a0r6J8Djju;type=target;actions=authorize-session
ids=*;type=target;actions=read,list
after setting these permissions, the mentioned user can not see everything, but only one target on that project. So I see the project permissions are overriding the global ones
I have read permissions are additive in Boundary, is this the intended behavior? How can I manage this use case? I read about no-op but I don't know if this can help my use case
What am I doing wrong?
Expected behavior What I expected is: "if you have the permissions in the global scope, having less in the project should not limit you, as you already have them"
What I wanted to do is trying to give permissions to use some specific targets to all the company, but some additional ones (over those general ones) to other teams
Additional context Add any other context about the problem here.
