chore: Authz should support non-named roles #5855

Emyrk · 2023-01-25T16:35:16Z

Named roles are a construct for users to assign/interact with roles. For authzlayer implementation, we need to create "system" users. To enforce strict security, we are making specific roles with the exact required permissions for the system action. These new roles should not be available to the user. There is a clear code divide with this implementation that allows a RoleNames implementation for users to user, and system users can create their own implementation

This also allows for db backed custom roles in the future.

Named roles are a construct for users to assign/interact with roles. For authzlayer implementation, we need to create "system" users. To enforce strict security, we are making specific roles with the exact required permissions for the system action. These new roles should not be available to the user. There is a clear code divide with this implementation that allows a RoleNames implemenation for users to user, and system users can create their own implementation

Emyrk added 2 commits January 25, 2023 10:32

Update comments

17ea3c3

johnstcn assigned Emyrk Jan 25, 2023

johnstcn self-requested a review January 25, 2023 16:39

johnstcn approved these changes Jan 25, 2023

View reviewed changes

Emyrk merged commit b678309 into main Jan 25, 2023

Emyrk deleted the stevenmasley/support_custom_system_roles branch January 25, 2023 16:54

github-actions bot locked and limited conversation to collaborators Jan 25, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: Authz should support non-named roles #5855

chore: Authz should support non-named roles #5855

Emyrk commented Jan 25, 2023

chore: Authz should support non-named roles #5855

chore: Authz should support non-named roles #5855

Conversation

Emyrk commented Jan 25, 2023