BEP-1008 (new): Apply RBAC by HyeockJinKim · Pull Request #9 · lablup/beps

HyeockJinKim · 2025-06-26T08:08:10Z

No description provided.

fregataa

How about using a scope name "global" rather than "system"?
What happen if a client requests list of Entity in a "domain" scope but the client has a read permission only in a "project" scope which belongs to the domain? Would the client rejected or get the entity in project scope?
To clarify how RBAC handles such cases, let's add more details about checking permissions in nested scope recursively in RBAC check flow section.
Does "Role" belong to any scope? Or every Role can be globally used? Should the name of Role is unique globally or in a certain scope?
Can the role_permissions.operation column have only "creat", "read" value or can have joined string value like "create,read"?

Add RBAC BEP

bcd32e0

HyeockJinKim requested a review from fregataa June 26, 2025 08:08

HyeockJinKim self-assigned this Jun 26, 2025

HyeockJinKim changed the title ~~BEP1008: Add RBAC BEP~~ BEP1008: Apply RBAC Jun 26, 2025

fregataa reviewed Jun 27, 2025

View reviewed changes

achimnol merged commit a643031 into main Jun 27, 2025
1 check passed

achimnol changed the title ~~BEP1008: Apply RBAC~~ BEP-1008 (new): Apply RBAC Jun 30, 2025

Provide feedback