proposals icon indicating copy to clipboard operation
proposals copied to clipboard
verified publisher icon temporalio

Task queues ACL

Open fulviobt opened this issue 3 years ago • 1 comments

Author: Fulvio Tozzo

Summary of the feature being proposed We'd like to restrict read/write access to Temporal task queues based on micro service identity to control who can do what. To implement this we'd like to leverage on an out-of-the-box feature delivered by Temporal.

This proposal follows this conversation https://community.temporal.io/t/authorization-on-task-queue/4780

What value does this feature bring to Temporal? This feature would make Temporal more secure and would facilitate its adoption in environments where security is paramount without the need of creating a security exception approved by CISO.

Are you willing to implement this feature yourself? Not in the short term as we do not have GO know how nor development capacity to dedicate to this task

fulviobt avatar Jun 29 '22 14:06 fulviobt

One respondent in the linked conversation suggests using the pluggable Authorizer and ClaimMapper.

Is that the approach you are advocating?

joebowbeer avatar Jun 29 '22 15:06 joebowbeer