hippo
hippo copied to clipboard
implement a permissions model?
Typically, a hosted cloud platform has you log in with your account, create applications, upload personal security keys, some form of user/group management etc. Right now, anyone with credentials can log into the system and create/read/update/delete anything that has been created by any user.
If we were to implement some form of permissions model, how would that look?
Areas to consider:
- are there personal settings (like security keys) that should be tied to a single user?
- should we create a notion of a "group" that users can be invited to and create applications in that group? How do we handle creation/updates/invitations/deletion? I'm thinking specifically the relationship between Github orgs and repositories vs. personal repositories.
- because we push artifacts to bindle, can we figure out a user story to lock down read/write access to certain namespaces/bindle IDs within bindle?
- is there a way we can sign/verify bindles to catch unsigned or unverified bindles from being deployed to nomad?