Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable developers to fetch the list of attributes which the current user has access to #705

Open
jrschumacher opened this issue Apr 30, 2024 · 6 comments
Open

Enable developers to fetch the list of attributes which the current user has access to #705

jrschumacher opened this issue Apr 30, 2024 · 6 comments
Assignees
@jakedoublev
Labels
comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry)

Comments

@jrschumacher
Copy link
Member

jrschumacher commented Apr 30, 2024
edited

To build PEPs with rich UX, developers need the ability to get the list of attributes that the user has access to. This feature enables PEPs to only allow creating TDFs with attributes to ensure the data created is accessible.
@strantalis strantalis added the comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry) label May 1, 2024
@jakedoublev
Copy link
Contributor

Blocked by #644

@strantalis
Copy link
Member

@jrschumacher @jakedoublev Is this just a get entitlements call to determine which attributes a user has access to?

@jakedoublev
Copy link
Contributor

jakedoublev commented May 13, 2024
edited

@jrschumacher @jakedoublev Is this just a get entitlements call to determine which attributes a user has access to?

@strantalis Yes, it is, but this issue implies an "unscoped" (no FQNs) GetEntitlements call, which will currently result in an error with the current Auth Service implementation.

The blocking issue (#644) will allow the ability to go from Entity -> flattened Entity Representation selectors/values -> matched Subject Condition Sets / Mappings -> Attribute Values as Entitlements.

@strantalis
Copy link
Member

@jakedoublev If scopes is empty we should just return all entitlements for a user. At least thats how I would expect it to work.

I don't fully understand why we error if scopes is empty. Do you know if we even did performance tests against this path?

@jrschumacher
Copy link
Member Author

No I don't think we have with the latest.

@jrschumacher
Copy link
Member Author

The performance concerns seem related to the algorithmic complexity, as documented in #365. However, we could allow it and just document that there might be performance issues with X number of subject mappings based on our performance tests.

@jakedoublev jakedoublev mentioned this issue May 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jakedoublev jakedoublev

Labels
comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jrschumacher @strantalis @jakedoublev