Fix privacy for puppetclasses.
|Assignee:||Greg Sutcliffe||% Done:|
|Velocity based estimate||-|
So currently puppetclasses permissions seem to be settable at the puppet_env level. I don't think this is granular enough, and would like to explicitly set a user/usergroup filter on the puppetclasses that a user/usergroup can see and tag a node with.
Really this would be most useful at the usergroup level, but filters at the usergroup level don't exist. (Am starting to think all filters should be moved to the usergroup level and if a user needs filtering, one should create a single-user usergroup.)
#1 Updated by Jason Montleon over 1 year ago
I agree with Brian's comments, both about moving Filter's to the group level and being able to restrict access to the the classes users can see and assign to nodes via filters. This came up in a discussion with our group today and the feeling was that this would be a great additional feature. Users are likely to end up needing access to multiple environments, but needing access to only a subset of classes in each.
#2 Updated by Corey Osman over 1 year ago
This would entail a few new items.
1. allow ability to filter out non authorized classes for each user when requested in the puppetclasses model
2. Build the support within the edit role view so that a admin could select which classes the role should contain.
#3 Updated by Brian Gupta over 1 year ago
Hmm. wouldn't we do this is a filter, like we do domains? IE: The roles do not contain specific data. They just contain broad permissions, like view, edit, etc, for each type of high level collection. The user level filters contain the details, and I believe would be were you set the allowed classes. -Brian