feat: add project-level roles to SCIM API #17812
Your preview environment pr-17812 has been deployed. Preview environment endpoints are available at:
Preview environment logs can be accessed at: https://console.cloud.google.com/logs/query;query=resource.labels.namespace_name%3D%22pr-17812%22;duration=PT30M?project=lightdash-previews
You can ssh into the preview environment by running:
packages/backend/src/ee/services/ScimService/ScimService.test.ts
One question about making custom roles available outside of the env var.
| }, | ||
| customRoles: { | ||
| enabled: process.env.CUSTOM_ROLES_ENABLED === 'true', | ||
| enabled: true, |
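Review bot: `enabled: true` on the added line replaces the `process.env.CUSTOM_ROLES_ENABLED === 'true'` check, so custom roles are switched on for every deployment and the environment variable no longer has any effect. If that is intended, say so in the PR and retire the variable in the same change; otherwise keep the env check, or default to enabled only when the variable is unset, so operators can still turn the feature off.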
Do we want to enable custom roles for everyone now?
rollback
| schemas: [ScimSchemaType.LIST_RESPONSE], | ||
| totalResults: 5, // viewer, interactive_viewer, editor, developer, admin | ||
| itemsPerPage: 5, | ||
| totalResults: 21, // 5 org system + 2 org custom + 7 per project (2 projects) = 5+2+14 = 21 |
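Review bot: `totalResults: 21` is a hand-computed literal whose derivation lives only in the trailing comment (5 + 2 + 7 per project for 2 projects). Compute the expected total from the test fixtures instead, so the assertion follows the mock data when roles or projects change, and confirm the `itemsPerPage` expectation still matches now that the total is no longer 5.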
We don't yet support org roles, which is probably why this test is failing.
| const parsedFilter = filter ? parse(filter) : null; | ||
| this.logger.debug('SCIM: Parsed role filter', { parsedFilter }); | ||
|
|
||
| const allScimRoles: ScimRole[] = []; |
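Review bot: `parse(filter)` has no error handling visible in this hunk. If `parse` throws on a malformed filter string, catch it here and return a SCIM 400 error with `scimType` `invalidFilter` rather than letting it surface as a 500. Also consider whether the whole `parsedFilter` object belongs in the debug log, since it echoes request input.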
What would you think of abstracting this into a getAllRoles method?
936f641 to 58da8f2
…or handling for getRole
# [0.2136.0](0.2135.2...0.2136.0) (2025-11-04)

### Features

* add project-level roles to SCIM API ([#17812](#17812)) ([ab2c118](ab2c118))
🎉 This PR is included in version 0.2136.0 🎉 The release is available on:
Your semantic-release bot 📦🚀

Closes: #N/A
Description:
Enable custom roles by default and add project-level roles to SCIM API responses. This PR enhances the SCIM service to include both organization-level and project-level roles (including custom roles) when listing available roles. The implementation filters out preview projects and properly formats role identifiers with project context.
The changes allow identity providers to see and manage a complete set of roles including:
Each project role is formatted with a composite ID (projectUuid:roleId) and a display name that includes the project name for clarity.
List roles

Get project role

List roles (with custom role)

Get custom project role:
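
The composite `projectUuid:roleId` identifier from the description, as an added TypeScript example (not code from this PR or from Lightdash): strict formatting and parsing of the ID, with the preview-project filter applied both when listing and when resolving an ID sent by an identity provider. The helper names, the `isPreview` field and the role-id pattern are assumptions.

```typescript
// Added example: hypothetical helpers, not the project's own code.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// Assumption: a role id is a system role name or a custom-role UUID.
const ROLE_ID_RE = /^[A-Za-z0-9_-]{1,64}$/;
type ParsedRoleId =
    | { scope: 'organization'; roleId: string }
    | { scope: 'project'; projectUuid: string; roleId: string };
// Constructed shape; `isPreview` is an assumed field name.
type Project = { uuid: string; name: string; isPreview: boolean };

function formatProjectRoleId(projectUuid: string, roleId: string): string {
    if (!UUID_RE.test(projectUuid)) throw new Error('invalid project uuid');
    if (!ROLE_ID_RE.test(roleId)) throw new Error('invalid role id');
    return `${projectUuid.toLowerCase()}:${roleId}`;
}

function parseScimRoleId(id: string): ParsedRoleId {
    const sep = id.indexOf(':');
    if (sep === -1) {
        // No separator: treated as an organization-level role (assumption).
        if (!ROLE_ID_RE.test(id)) throw new Error('invalid role id');
        return { scope: 'organization', roleId: id };
    }
    const projectUuid = id.slice(0, sep).toLowerCase();
    const roleId = id.slice(sep + 1);
    // A second ':' or an empty half fails these patterns and is rejected.
    if (!UUID_RE.test(projectUuid)) throw new Error('invalid project uuid');
    if (!ROLE_ID_RE.test(roleId)) throw new Error('invalid role id');
    return { scope: 'project', projectUuid, roleId };
}

// List role ids for non-preview projects only, mirroring the description.
function listProjectRoleIds(projects: Project[], roleIds: string[]): string[] {
    const ids: string[] = [];
    for (const p of projects) {
        if (p.isPreview) continue;
        for (const r of roleIds) ids.push(formatProjectRoleId(p.uuid, r));
    }
    return ids;
}

// Apply the same preview filter on lookup: an id that is never listed
// should not resolve either. Returns null for organization-level ids.
function resolveProject(id: string, projects: Project[]): Project | null {
    const parsed = parseScimRoleId(id);
    if (parsed.scope === 'organization') return null;
    const uuid = parsed.projectUuid;
    const project = projects.find((p) => !p.isPreview && p.uuid.toLowerCase() === uuid);
    if (!project) throw new Error('unknown project');
    return project;
}
```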
