
Allow to grant permissions to user account

Open mzueva opened this issue 2 years ago • 1 comments

Background

At the moment, only admin users and users with ROLE_READER assigned can view the list of users and user details. In addition to this, the platform shall allow granting access to a user using the ACL approach, as is done for other types of entities.

Approach

  • Access for admins and ROLE_READER users remains the same
  • Admins shall be allowed to grant access to users to other users/groups (standard RWE permissions)
  • Users shall be able to view the list of users they have READ access to
  • Users with READ permission are allowed to view user details
  • Users with WRITE permission are allowed to modify user metadata (except for secured metadata keys defined by preference misc.metadata.sensitive.keys); editing of other user attributes and roles is not allowed
  • Users with EXECUTE permission are allowed to impersonate the user

mzueva, May 10 '23 11:05
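
A minimal model of the rules listed under Approach, added here as an illustration and not taken from the cloud-pipeline code base. The class and function names, the `sees_all` flag and the sample sensitive keys are assumptions, as is treating R, W and E as independent bits (so WRITE or EXECUTE alone does not grant READ).

```python
from dataclasses import dataclass, field
from enum import IntFlag

class Perm(IntFlag):
    READ = 1
    WRITE = 2
    EXECUTE = 4

# Constructed stand-in for the value of preference misc.metadata.sensitive.keys.
SENSITIVE_KEYS = {"api_token", "ssh_key"}

@dataclass
class Caller:
    name: str
    groups: frozenset = frozenset()
    sees_all: bool = False  # hypothetical flag: admin or ROLE_READER holder

@dataclass
class UserEntity:
    name: str
    metadata: dict = field(default_factory=dict)
    acl: dict = field(default_factory=dict)  # ("user"|"group", name) -> Perm

def effective(caller, target):
    """Union of what the ACL grants the caller directly and through groups."""
    mask = target.acl.get(("user", caller.name), Perm(0))
    for group in caller.groups:
        mask |= target.acl.get(("group", group), Perm(0))
    return mask

def can_view(caller, target):
    # Unchanged rule first: admins and ROLE_READER users see every user.
    if caller.sees_all:
        return True
    return bool(effective(caller, target) & Perm.READ)

def visible_users(caller, users):
    return [u.name for u in users if can_view(caller, u)]

def update_metadata(caller, target, changes):
    """ACL-granted path only: needs WRITE and rejects any sensitive key."""
    if not effective(caller, target) & Perm.WRITE:
        raise PermissionError("WRITE permission required")
    blocked = sorted(changes.keys() & SENSITIVE_KEYS)
    if blocked:
        raise PermissionError(f"sensitive metadata keys: {blocked}")
    target.metadata.update(changes)

def can_impersonate(caller, target):
    return bool(effective(caller, target) & Perm.EXECUTE)
```

The whole change set is rejected when it names a sensitive key, so a caller cannot slip a protected key in alongside permitted ones.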