capacitor icon indicating copy to clipboard operation
capacitor copied to clipboard
verified publisher icon gimlet-io

feat: add "read-only" mode

Open cwrau opened this issue 1 year ago • 4 comments

It would be amazing if one could set the dashboard to be "read only", by which I mean that the user cannot do "breaking" changes like suspending a resource.

I don't consider reconciling breaking, as that would've happened anyways.

cwrau avatar Sep 20 '24 08:09 cwrau

I would second this. As DevSecOps lead, I would love for the devs to be able to use this, but not be able to change anything. It would give them access to the logs in an easy to use gui. I would like to see it go even further with roles where I could limit groups to only certain namespaces/pods

DChevrier1 avatar Oct 08 '24 17:10 DChevrier1

Just to have this mentioned, removing the patch verb from the ClusterRole should do the job. I've implemented this in my Helm chart already: https://github.com/sebastiangaiser/helm-charts/blob/0d247e0d1707327ee654f854fcbc50f270613844/charts/capacitor/templates/clusterrole.yaml#L50 Tbh I've implemented it as a simple way to solve this problem but haven't checked how Capacitor reacts on this...

sebastiangaiser avatar Oct 13 '24 11:10 sebastiangaiser

I would second @DChevrier1 plus it would help Devs to have access to what they need to have in the UI, especially in the Multi-Tenant Cluster.

yashwanth-l avatar Nov 13 '24 10:11 yashwanth-l

We are too looking for this feature. Either a role based access or atleast a readonly dashboard.

jitjoseph avatar Nov 28 '24 12:11 jitjoseph

As we now support RBAC, read only mode will happen through detecting the assigned RBAC roles. If user can perform an action, the feature will be enabled on the UI. Without the right RBAC roles, the feature will be hidden. Eventually providing a read only experience.

laszlocph avatar Jul 09 '25 11:07 laszlocph

Image

laszlocph avatar Aug 18 '25 10:08 laszlocph