Page MenuHome

Permission system for Flamenco
Closed, ResolvedPublic

Description

We should have a better permission system than just the role flamenco-admin.
Some ideas for access rules:

  • Users with just subscriber or demo role can only view Flamenco. This is limited to projects they are part of, and Managers they are owner of.
  • Users with either subscriber or demo role AND flamenco-admin role have unlimited access to all of Flamenco.
  • Users need either subscriber or demo role AND flamenco-user role to have any write access to Flamenco, even when they are members of a project that's set up for Flamenco.
  • Ownership of a Manager is defined by a single group. All members of that group are considered equal.
  • Owners of a Manager can link that manager with projects they manage (i.e. have PUT access to).
  • Owners of a Manager can unlink that manager from any project.
  • Owners of a Manager can manage jobs/tasks/task logs belonging to projects they have PUT access to.
  • Members of a project that are not Owners of a Manager can manage jobs/tasks/task logs belonging to projects they have PUT access to.
  • Owners of a Manager can see, delete, and create authentication tokens for the Manager's service account. For now, let's just allow a single authentication token per Manager.

Details

Type
Design

Event Timeline

Assigned to @venomgfx to click through and see if things are working / aren't broken.

Francesco Siddi (fsiddi) closed this task as Resolved.Jun 9 2017, 12:50 PM

Tested after closing all subtasks and it looks good. Used the description of this task as a draft for docs about the permissions system in 5a429d29e1da9a3f00cabe94071a7b5c8ae392b6.
Thanks @Sybren A. Stüvel (sybren) !