More granular permissions


#1

I know we can set “Read & Write” or “Read” only permissions on an Application level based on a users group membership. Is it possible to setup more granular permissions. Like on a per Pipeline level or something similar? If so, how can we set more granular permissions?


#2

@winlam right now, that isn’t totally possible without some mixture of restricted accounts, manual approvals and service accounts. even then it may not quite be what you’re expecting and a management headache.

however, this would be the best place to start talking about what you’d like to see in the future!

@ttomsu


#3

The idea has been floated/requested before. I purposefully kept them coarse grained to prove out the approach before diving in to a full fledged RBAC model.

In my mind, the current ability is good enough for most cases, but not all of them. Sadly, I don’t have the inclination to built out the full model until there is a major push to do so, and more importantly, someone willing to support users (new and old) and maintain the code across authn options, authz integrations, and the proliferation throughout the internals of the system.