[Platform] Implement RBAC #2793

Closed
ramkumarvs opened this issue Oct 30, 2019 · 0 comments
Labels
area/platform Yugabyte Platform area/ui All issues relating to UI/UX


@ramkumarvs

Implement RBAC on the platform side, with at least two roles (admin and read-only).

@ramkumarvs ramkumarvs added area/ui All issues relating to UI/UX area/platform Yugabyte Platform labels Oct 30, 2019
Arnav15 added a commit that referenced this issue Dec 20, 2019
Summary:
This diff introduces the following things:
1) Additional check when running APIs against universes to verify they belong to the customer.
2) A User table to support multiple users for a customer. The users also have an associated role for RBAC. The registration now creates a customer and an admin user.
3) Migrate existing YWs to move customer level info to the Users table.
4) The session controller now uses the AuthToken/ApiToken at the user level rather than the customer.
5) Added RBAC so that read-only users cannot access POST/PUT requests (other than for metrics).
6) New APIs to work with the Users (Create, Get, Delete and Change Role).
7) Updated insecure login to only allow read-only access and for insecure-logins to only work in single-tenant YWs.
8) Made corresponding changes to yugabyted to work correctly with the new insecure login.

Test Plan: Created a multi-tenant YW with version 2.0.6. Created two customers. Then upgraded the YW to the latest version and verified through the postgres table that the Users table got populated. Verified that YW worked as expected. Created two read-only users and verified that it did not support POST/PUT requests. Created a universe and verified that the read-only user for the same customer could see the metrics as well as the universe information and that the other customer's users could not see the universe or access it, even with the universe UUID in the URL.

Reviewers: sanketh, andrew, vit.pankin, ram, wesley

Reviewed By: ram, wesley

Subscribers: daniel, wesley, jenkins-bot, yugaware

Differential Revision: https://phabricator.dev.yugabyte.com/D7694
@Arnav15 Arnav15 closed this as completed Feb 18, 2020
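
The two checks the commit summary describes (a universe must belong to the caller's customer; read-only users are refused POST/PUT except for metrics), as an added Python sketch that is not code from the Yugabyte Platform. The URL layout, role names, tokens and UUIDs are constructed assumptions, and the sketch goes one step beyond the summary by refusing every method other than GET/HEAD for read-only users.

```python
from dataclasses import dataclass

ADMIN, READ_ONLY = "Admin", "ReadOnly"  # role names are assumptions
SAFE_METHODS = {"GET", "HEAD"}          # all a read-only user may send

@dataclass(frozen=True)
class User:
    customer_uuid: str
    role: str

# Constructed sample data: API token -> user, universe -> owning customer.
USERS_BY_TOKEN = {
    "tok-admin-a": User("cust-a", ADMIN),
    "tok-ro-a": User("cust-a", READ_ONLY),
    "tok-ro-b": User("cust-b", READ_ONLY),
}
UNIVERSE_OWNER = {"univ-1": "cust-a"}

def authorize(token: str, method: str, path: str) -> int:
    """Return the HTTP status an authorization filter would give.

    Hypothetical URL layout: /api/customers/<customer>/<resource>[/<id>...]
    """
    user = USERS_BY_TOKEN.get(token)
    if user is None:
        return 401  # token resolves to a user, not to a customer
    parts = [p for p in path.split("/") if p]
    if len(parts) < 3 or parts[:2] != ["api", "customers"]:
        return 404
    if parts[2] != user.customer_uuid:
        return 403  # customer in the URL must match the token's customer
    rest = parts[3:]
    # Ownership check: a universe UUID in the URL is looked up server-side
    # and must belong to the caller's customer. Unknown and foreign
    # universes get the same answer, so UUIDs cannot be probed.
    if len(rest) >= 2 and rest[0] == "universes":
        if UNIVERSE_OWNER.get(rest[1]) != user.customer_uuid:
            return 404
    # Role check: read-only users may read, plus POST to metrics.
    method = method.upper()
    if user.role == READ_ONLY and method not in SAFE_METHODS:
        if not (method == "POST" and rest == ["metrics"]):
            return 403
    return 200
```

The ownership check runs before the role check, so an admin of one customer is refused another customer's universe just as a read-only user is.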