sensu-go icon indicating copy to clipboard operation
sensu-go copied to clipboard

Published 20 hours ago verified publisher icon sensu

Expose cluster level api endpoint to gather information concerning user/group permissions

Open jspaleta opened this issue 3 years ago • 1 comments

Context

As an sensu admin you want to diagnose an rbac permissions problem or you want to audit a specific user's permission level.

Feature Suggestion

Expose a cluster level endpoint that a cluster admin can use to provide a summary concerning which groups a user is in and provides RBAC permission summary that points to which resource permissions are provided by which cluserrolebindings or rolebindings.

Straw use case example

Caleb is authenticating via ldap to the sensu backend i administer doesn't have the necessary access to write checks in a namespace. I'd like to use the summary endpoint for caleb's sensu username to audit caleb's existing permissions to figure out which adjustment needs to be made to ensure the correct ldap group has namespace role binding permissions.

jspaleta avatar Oct 26 '21 19:10 jspaleta

Related: https://github.com/sensu/sensu-enterprise-go/issues/873

calebhailey avatar Sep 02 '22 19:09 calebhailey