cloud-pipeline
[GUI] Storage permissions restrictions
Background
Currently, Cloud Pipeline allows storage owners to set any permission (READ, WRITE, EXECUTE) for their storages without any restriction. It would be useful to configure those restrictions.
To address this, a new preference ui.storages.permissions.restrictions will be introduced to manage and restrict the permission levels that non-admin and non-advanced users (storage owners) can assign to storages (similar to ui.personal.tools.permissions.restrictions, described at #3230).
Approach
Introduce a new preference: ui.storages.permissions.restrictions
- Group: User Interface
- Visible: true
- Type: OBJECT (JSON)
- Default value: empty / not set *
- Format: array of restriction rules:
[
  {
    "role": "ROLE_USER",
    "disable": "WRITE"
  },
  {
    "role": "ROLE_1, ROLE_2",
    "disable": "WRITE,EXECUTE"
  },
  {
    "role": "ROLE_3",
    "readonly": true
  }
]
The role property accepts role names (comma-separated) or the ALL value (i.e., the rule will be applied to all roles).
Possible values for the disable property (string, case insensitive, comma-separated):
- READ
- WRITE
- EXECUTE
To disable any role-related modifications, specify the readonly: true property for this role (or for all roles if the ALL role name is provided).
Other options
By default (if the preference is missing or not set *), no restrictions will be applied.
( * ) A [] value (i.e. an empty JSON array) is considered as "there are no restrictions".
An empty string value ("") is considered as "preference value is not set".
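The rule format above can be resolved for a given user as in the following added example, which is not Cloud Pipeline's own code. The function names are hypothetical, and three behaviours are assumptions the issue does not specify: all matching rules are combined (union), role names are compared exactly after trimming, and an unknown disable value is rejected so that a typo cannot silently leave a permission assignable.

```javascript
const PERMISSIONS = ['READ', 'WRITE', 'EXECUTE'];

// Split a comma-separated string into trimmed, non-empty items.
const splitList = (value) =>
  String(value ?? '').split(',').map((s) => s.trim()).filter(Boolean);

// Parse the raw preference value into normalized rules.
// Missing value or "" means "not set"; [] means "no restrictions". Both give [].
function parseRestrictions(raw) {
  if (raw === undefined || raw === null || raw === '') return [];
  const rules = typeof raw === 'string' ? JSON.parse(raw) : raw;
  if (!Array.isArray(rules)) throw new TypeError('preference must be a JSON array');
  return rules.map((rule, index) => {
    const roles = splitList(rule.role);
    const disable = splitList(rule.disable).map((p) => p.toUpperCase());
    const unknown = disable.filter((p) => !PERMISSIONS.includes(p));
    // Assumption: fail on malformed rules instead of ignoring them.
    if (roles.length === 0 || unknown.length > 0) {
      throw new Error(`rule #${index}: missing role or unknown disable value`);
    }
    return { roles, disable, readonly: rule.readonly === true };
  });
}

// Resolve what a user holding `userRoles` may not assign on a storage.
// Assumption: every matching rule applies and the results are merged.
function resolveRestrictions(raw, userRoles) {
  let readonly = false;
  const disabled = new Set();
  for (const rule of parseRestrictions(raw)) {
    const applies = rule.roles.includes('ALL')
      || rule.roles.some((role) => userRoles.includes(role));
    if (!applies) continue;
    readonly = readonly || rule.readonly;
    rule.disable.forEach((p) => disabled.add(p));
  }
  return { readonly, disabled: PERMISSIONS.filter((p) => disabled.has(p)) };
}

// The sample value from the issue, as it would be stored in the preference.
const SAMPLE = `[
  {"role": "ROLE_USER", "disable": "WRITE"},
  {"role": "ROLE_1, ROLE_2", "disable": "WRITE,EXECUTE"},
  {"role": "ROLE_3", "readonly": true}
]`;

console.log(resolveRestrictions(SAMPLE, ['ROLE_USER', 'ROLE_3']));
```

The exemption for admin and advanced users is outside this sketch; a caller would skip the check for them before calling resolveRestrictions.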