service-fabric icon indicating copy to clipboard operation
service-fabric copied to clipboard
verified publisher icon microsoft

Question - Role-based access control at granular level.

Open nareshkhatri81 opened this issue 8 years ago • 4 comments

Hi Team,

Currently we can have 2 roles in SF cluster admin and user. With these two roles, its not possible to provide granular level access to cluster.

If we would like to do Dev/Staging/Production with same cluster by creating different apps and different apps will be having different admin so that dev/test cant have access to production app etc.

is this feature is planned or something similar possible ?

Thanks, Naresh Khatri

nareshkhatri81 avatar Nov 16 '17 05:11 nareshkhatri81

No unfortunately there are only two access levels to SF management APIs: client (read-only) and admin (full control). There isn't a built-in way to manage per-application access to SF management APIs. It's on the product roadmap to implement more fine-grain control, but it's a ways out.

In the meantime, what you can do is wrap the SF Management API in a service of your own that implements fine-grained access control, and run all of your services with client privileges. This way, none of your services can perform SF management operations directly, they would all have to go through your service that you control role-based access on.

vturecek avatar Nov 17 '17 21:11 vturecek

As u said its in product roadmap, is there any ETA of this feature like year/quater when this will be implemented? Issue here is SF explorer Allows admin to tear down or scale up any app. I am not sure if we will be able to customize SF explorer.

nareshkhatri81 avatar Nov 18 '17 03:11 nareshkhatri81

Want to log that we are tracking this feature request.

craftyhouse avatar Dec 04 '20 21:12 craftyhouse

Any progress on this?

andradf avatar Aug 06 '23 18:08 andradf