cloud-pipeline
cloud-pipeline copied to clipboard
epam
Personal tool groups / tools: permission management enhancements
Background At the moment, Cloud Pipeline does not allow to set WRITE permission for personal tool groups for all users / roles (unless authenticated user is admin). It would be useful to configure those restrictions using preferences.
Approach
Let's introduce preference ui.personal.tools.permissions.restrictions:
- group: User Interface
- visible: true
- type: OBJECT (JSON)
- default value: empty / not set *
- format: array of restriction rules:
[
{
"role": "ROLE_USER",
"disable": "WRITE"
},
{
"role": "ROLE_1, ROLE_2",
"disable": "WRITE,EXECUTE"
},
{
"role": "ROLE_3",
"readonly": true
}
]
role property accepts role names (comma-separated) or ALL value (i.e., rule will be applied for all roles).
Possible values for disable property (string, case insensitive, comma-separated):
- READ
- WRITE
- EXECUTE
Other options By default (if preference is missing or not set *), the following rule will be applied:
- role: ALL roles
- disable:
WRITE(write is denied)
To disable any role-related modifications, specify readonly: true property for this role (or for all roles if ALL role name provided)
( * ) [] value (i.e. empty JSON array) is considered as "there are no restrictions".
Empty string value ("") is considered as "preference value is not set".
