alkemio icon indicating copy to clipboard operation
alkemio copied to clipboard

Published 20 hours ago verified publisher icon alkem-io

Global roles

Open techsmyth opened this issue 9 months ago • 0 comments

Description

As the number of spaces on the platform increases there needs to be tighter access to spaces, with improved auditability / notifications

Note: in this initial scope the focus is on the global platform roles

Goal

Improving platform security and data access

Hypothesis

Spaces should have explicit control over the Alkemio platform roles that have access.

Must have scope

  • [ ] Global Admin Spaces ==> Platform Support
  • [ ] Global Admin Community ==> Platform Community Reader
  • [ ] New roles: Platform License Manager, Platform Spaces Reader
  • [ ] Space to have a new setting under privacy called "Allow Alkemio Support Admin Access"; for existing spaces false, for new spaces false
  • [ ] If "Allow Platform Support Admin Access" is enabled then Platform Support can do the same as a Space Admin (what is there now)
  • [ ] If "Allow Platform Support Admin Access" is disabled then Platform Support does not have extra rights than a normal platform user.
  • [ ] All assignments / removal of global admin roles (admin, support, community reader) to trigger a notification to Global Admins

Stakeholders

DevOps Support / Delivery

Design

https://alkem.io/building-alkemio/challenges/technicaldesigns-9455/collaboration/securityroles-2174

techsmyth avatar May 03 '24 13:05 techsmyth