cryostat-legacy icon indicating copy to clipboard operation
cryostat-legacy copied to clipboard

Published 20 hours ago verified publisher icon cryostatio

[Request] Multitenant RBAC

Open grzesuav opened this issue 5 months ago • 1 comments

Describe the feature

According to https://github.com/cryostatio/cryostat-operator/blob/cryostat-v3.0/config/crd/bases/operator.cryostat.io_cryostats.yaml#L4887 feature,

he SubjectAccessReview or TokenAccessReview that all clients (users visiting the application via web browser as well
                          as CLI utilities and other programs presenting Bearer auth tokens) must pass in order to access the application.
                          If not specified, the default role required is "create pods/exec" in the Cryostat application's installation namespace.

what we usually need is to have permission per target namespace, not cryostat namespace

Anything other information?

Related discussion - https://github.com/cryostatio/cryostat/discussions/622#discussioncomment-10487652

grzesuav avatar Aug 30 '24 09:08 grzesuav