Skip to content

RBAC DB migration #7285

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
thabofletcher wants to merge 23 commits into
base: main
Choose a base branch
from
+2,554 −0
Open

RBAC DB migration #7285

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
b52efed
feat: Add RBAC database tables and models
thabofletcher Jan 31, 2026
c3067db
Fix RBAC migration down_revision to chain after policy_conditions
thabofletcher Feb 1, 2026
f708a1e
Fix RBAC migration revision IDs to avoid conflicts with existing migr…
thabofletcher Feb 1, 2026
bcd8eac
Add RBAC model integration tests
thabofletcher Jan 31, 2026
20ba6e8
Fix cascade delete for RBAC user role assignments
thabofletcher Feb 1, 2026
e71f031
feat: add RBAC management scopes to seed migration
thabofletcher Feb 1, 2026
b1d7bd6
Add migration to seed fidesplus scopes into RBAC tables
thabofletcher Feb 2, 2026
1529e43
fix: update RBAC migration downrev to latest main
thabofletcher Feb 3, 2026
bdc9a62
Add changelog entry for RBAC migrations PR #7285
thabofletcher Feb 3, 2026
71005ba
fix: sort imports in RBAC model tests
thabofletcher Feb 3, 2026
46c1aa4
Fix ruff formatting in RBAC models
thabofletcher Feb 3, 2026
8845626
Fix mypy errors in RBAC models
thabofletcher Feb 3, 2026
90eb4fa
Fix rbac_role_permission schema to use composite PK
thabofletcher Feb 3, 2026
58d46de
Fix RBAC: use @declared_attr for __tablename__ (mypy + SQLAlchemy), s…
thabofletcher Feb 6, 2026
aa2abfa
fix: Update RBAC migration downrev and add missing scopes
thabofletcher Feb 11, 2026
ed72f84
Fix RBAC migration to match model definitions
thabofletcher Feb 11, 2026
07e49a3
Add data category annotations for RBAC tables
thabofletcher Feb 11, 2026
6b3ef4b
Merge branch 'main' into rbac-migration
galvana Feb 11, 2026
fd8d8cc
Merge branch 'main' into rbac-migration
thabofletcher Feb 11, 2026
7869909
Add RBAC scopes to SCOPE_REGISTRY and drift detection test
thabofletcher Feb 12, 2026
53c5818
Merge main into rbac-migration
thabofletcher Feb 12, 2026
371fac1
Remove RBAC scopes from SCOPE_REGISTRY
thabofletcher Feb 12, 2026
f360d39
Fix migration head conflict by updating RBAC down_revision
thabofletcher Feb 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
95 changes: 95 additions & 0 deletions .fides/db_dataset.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2069,6 +2069,101 @@ dataset:
data_categories: [system.operations]
- name: is_hash_migrated
data_categories: [system.operations]
- name: rbac_permission
description: 'Permission definitions for RBAC system'
fields:
- name: id
data_categories: [system.operations]
- name: created_at
data_categories: [system.operations]
- name: updated_at
data_categories: [system.operations]
- name: code
data_categories: [system.operations]
- name: description
data_categories: [system.operations]
- name: resource_type
data_categories: [system.operations]
- name: is_active
data_categories: [system.operations]
- name: rbac_role
description: 'Role definitions for RBAC system with hierarchy support'
fields:
- name: id
data_categories: [system.operations]
- name: created_at
data_categories: [system.operations]
- name: updated_at
data_categories: [system.operations]
- name: name
data_categories: [system.operations]
- name: key
data_categories: [system.operations]
- name: description
data_categories: [system.operations]
- name: is_system_role
data_categories: [system.operations]
- name: is_active
data_categories: [system.operations]
- name: parent_role_id
data_categories: [system.operations]
- name: priority
data_categories: [system.operations]
- name: rbac_role_constraint
description: 'Separation of duties and cardinality constraints for RBAC roles'
fields:
- name: id
data_categories: [system.operations]
- name: created_at
data_categories: [system.operations]
- name: updated_at
data_categories: [system.operations]
- name: name
data_categories: [system.operations]
- name: constraint_type
data_categories: [system.operations]
- name: role_id_1
data_categories: [system.operations]
- name: role_id_2
data_categories: [system.operations]
- name: max_users
data_categories: [system.operations]
- name: description
data_categories: [system.operations]
- name: is_active
data_categories: [system.operations]
- name: rbac_role_permission
description: 'Junction table mapping roles to permissions'
fields:
- name: role_id
data_categories: [system.operations]
- name: permission_id
data_categories: [system.operations]
- name: created_at
data_categories: [system.operations]
- name: rbac_user_role
description: 'User role assignments with resource scoping and temporal validity'
fields:
- name: id
data_categories: [system.operations]
- name: created_at
data_categories: [system.operations]
- name: updated_at
data_categories: [system.operations]
- name: user_id
data_categories: [system.operations]
- name: role_id
data_categories: [system.operations]
- name: resource_type
data_categories: [system.operations]
- name: resource_id
data_categories: [system.operations]
- name: valid_from
data_categories: [system.operations]
- name: valid_until
data_categories: [system.operations]
- name: assigned_by
data_categories: [system.operations]
- name: rule
data_categories: []
fields:
Expand Down
4 changes: 4 additions & 0 deletions changelog/7285.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
type: Added
description: Database migrations and models for dynamic RBAC system (roles, permissions, user assignments, constraints)
pr: 7285
labels: ["db-migration"]
Loading
Loading