rfcs icon indicating copy to clipboard operation
rfcs copied to clipboard
verified publisher icon concourse

RFC: Operator User separation

Open YoussB opened this issue 6 years ago • 1 comments

rendered An idea that arose when working on the super admin story concourse/concourse#4192.

YoussB avatar Aug 09 '19 14:08 YoussB

In general, I'm not a fan of associating privileges to specific teams. I know we currently have that today with members of the main team granting app-wide privileges, and I'm also not OK with that either!

Specifically, I think it creates a lot of surprise and confusion to attach special actions to not just the role that you possess, but also your membership into specific teams.

Now, the limitation today is that roles are constrained to membership into a team: User -> Team -> Role

Maybe its more interesting to introduce new roles that do not need to be attached to the team: User -> Role -> Team -> Role

We'd have to design the Roles & Permissions so that the permissions themselves do not overlap and intersect in surprising ways

jama22 avatar Aug 23 '19 15:08 jama22