The RBAC system for StackStorm is unnecessarily complex and needs some kind of updating. Just wanted to open some dialog for thoughts on how to update/fix this to make it more simple and intuitive to use.
In #5303 it was suggested to maybe use oso, but I think this is in beta at the moment; at least it's stated as such on PyPI. I've also looked at some other packages I won't name here just yet, but they all use a Unix-like filesystem method for doing this. Not sure if this is a good or bad thing.
There was also the discussion of using ACL over RBAC. I'm not exactly sure of the difference here holistically. Maybe programmatically it's different in a way that I'm not exactly understanding?
With the new system I think the YAML files should maybe go away? I say this because with YAML files it gives the potential for anyone to make changes to the app's permissions when it should be an admin within the app that makes these decisions. Any root user could edit these files without the actual stakeholders knowing about it. While I like the idea of configuration as code - which is how I use Tower to sync our RBAC files across all our clusters - most apps manage users within the app itself and not outside the app.
I'm pulling in this discussion from the RBAC issues since it seems to be overlooked over there. StackStorm/st2-rbac-backend#53