coder
Template permissions: Allow adding specific users to specific templates
As a template admin, I only want certain users to access specific templates. For example, I have experimental templates I want to use myself. I also have contractors that should only use one template for security reasons.
The RBAC system has to be built with groups in mind since this feature is for large deployments. I suggest we implement https://github.com/coder/coder/issues/2791 simultaneously.
Related #2950
@ammario isn't this sort of access control better suited for RBAC than template metadata?
I edited the original post to reflect the points you brought up in Discord about how doing this in the UI/API makes more sense than with config.
Is this different groups than orgs? The current templates are scoped to an organization, and all users on the product are in the first organization.
Is the suggestion to support groups within orgs? At present the RBAC system only supports "organization" grouping of resources.
Is this different groups than orgs? The current templates are scoped to an organization, and all users on the product are in the first organization.
Is the suggestion to support groups within orgs? At present the RBAC system only supports "organization" grouping of resources.
I'm using groups and orgs interchangeably. We should probably revisit the terminology with this fresh start.
Just checking there was not a suggestion to create a second layer of grouping. 1 level of grouping is good :+1:.
Terminology wise, happy to change. The code is all saying "organization_id" and already supports this. We just don't expose the creation of multiple orgs atm. Unsure how the cli and ui handle switching orgs atm.
Another prospect has requested this feature: giving specific groups of users access to specific templates.
