Feature: Permissions System

[AzorianMatt]

A foundational framework needs developed to implement the desired granular permissions strategy for the entire platform.

This framework should implement a "pluggable" interface which allows application components to define available permissions through a common structure that provides association to data models. This will facilitate the ability for permissions to provide a template that can be applied on a per model record basis to allow for granular permissions structures. This approach should allow the application to move beyond the traditional limitations of static permissions that don't work well for uncommon application features.

A "permission" is defined as the representation of an action associated with a specific entity. For example, the ability to create a DNS zone would be one permission and the ability to delete a DNS zone would be another permission.

A "policy" is defined as the association between a defined permission and an entity that will contain either an allow or deny directive.

A "role" is defined as an arbitrary group of policies which can be used when applying access control to various entities.

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. PDA is governed by a small group of core maintainers which means not all opened issues may receive direct feedback. Do not attempt to circumvent this process by "bumping" the issue; doing so will result in its immediate closure and you may be barred from participating in any future discussions. Please see our Contribution Guide.