Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
RFC: RBAC #6
This doesn't seem like that big of a change, and I think most proposed changes are fairly straight forward. I'm not a huge fan of my proposed solution for
Or you can view the original issue
Copying from #2389
As an alternative to require 2 commands to set some
For example set-team could allow you to specify a config file with the following content
This is the permission matrix I've written up to capture both fly and web view actions for each potential member. It's not comprehensive but should cover most use cases.
referenced this pull request
Sep 18, 2018
Hi, just read through the RFC and have a couple of questions hoping it is the correct place to ask them:
Is this RFC for "default" roles with predefined permissions? I think this feature should be very configurable for admins as there are probably lots of organisations out there with different compliance requirements that won't be covered by the roles mentioned in the RFC. We have quite a few roles involved in our release process (ugh...) so it would be awesome if I could create my own role, attach permissions to it and then assign that to users.
I am thinking basically having a permission for each kind of action in concourse (i.e. all CLI commands) that can be assigned to roles.
If that is the case, I definitely would add a role that can view pipelines and manually trigger jobs in them, but not update the pipeline configuration. We need this for our "Release Approvers" that are basically just the people pushing buttons to mark their approval for the release.
If this is not the correct place, please tell me where I should add it. Thanks
The thought (similar to what @Rukenshia mentioned) is that down the road you'll be able to map specific actions to whatever you want, but our initial action/role mapping will probably look something like the following: