We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
See https://casbin.org/docs/abac
Where request is:
playbook: name: name id: labels: {} config: name: name owners: [] id type: Kubernetes::Pod tags: {} path: [] teams: [] # teams the user is member of
Which would allow policies to be added like:
kind: Permission metadata: uid: abc permissions: - action: playbook:run team: everyone inherited: true config: #...selectorFields id: def # id of aws cluster - action: playbook:run owner: true - action: playbook:run team: SRE Team playbook: name or ID
Which corresponds to:
p, r.playbook.id == 'abc' && 'def' in r.config.path p, r.playbook.id == 'abc' && r.sub.id in r.config.owners p, r.playbook.id == 'abc' && 'everyone' in r.sub.teams && ' 'def' in r.config.path
p, r.playbook.id == 'abc' && 'def' in r.config.path
p, r.playbook.id == 'abc' && r.sub.id in r.config.owners
p, r.playbook.id == 'abc' && 'everyone' in r.sub.teams && ' 'def' in r.config.path
And then from a UI perspective on a config item there would be a permission tab/table with:
And on the playbook permissions tab
$owners
The permission table would need:
The text was updated successfully, but these errors were encountered:
No branches or pull requests
See https://casbin.org/docs/abac
Where request is:
Which would allow policies to be added like:
Which corresponds to:
p, r.playbook.id == 'abc' && 'def' in r.config.path
p, r.playbook.id == 'abc' && r.sub.id in r.config.owners
p, r.playbook.id == 'abc' && 'everyone' in r.sub.teams && ' 'def' in r.config.path
And then from a UI perspective on a config item there would be a permission tab/table with:
And on the playbook permissions tab
$owners
The permission table would need:
The text was updated successfully, but these errors were encountered: