Tracker #17954

Unify roles and permissions across plugins

Added by Ondřej Pražák 4 months ago. Updated 19 days ago.

Status:New% Done:

0%

Priority:Normal
Assigned To:Ondřej Pražák
Category:-
Target version:Team Marek Iteration 13
Difficulty: Bugzilla link:1304608
Found in release:
Story points-
Velocity based estimate-

Description

Each plugin handles permissions and roles differently: some create just permissions and no roles, some create plugin-specific roles. This tracker should monitor the progress of making roles uniform across all plugins.

Expected outcome:
- each plugin has plugin-specific Viewer and Manager roles (see openscap or rex). Additional plugin-specific roles are certainly possible if plugin needs them.
- plugin permissions are added to Manager and Viewer roles provided by core.


Related issues

Blocked by Foreman Remote Execution - Bug #17953: Add remote execution permissions to Viewer and Manager roles Closed 01/06/2017
Blocked by OpenSCAP - Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles Closed 01/06/2017
Blocked by Ansible - Bug #17957: Add foreman_ansible permissions to Viewer and Manager roles Closed 01/06/2017
Blocked by Discovery - Bug #17959: Add foreman_discovery permissions to Manager and Viewer r... Closed 01/06/2017
Blocked by Docker - Bug #17960: Add foreman_docker permissions to Manager and View roles Closed 01/06/2017
Blocked by foreman-tasks - Bug #17961: Add foreman-tasks permissions to Manager and Viewer roles Closed 01/06/2017
Blocked by Katello - Bug #17962: Add Katello's permissions to Manager and and Viewer roles Closed 01/06/2017
Blocked by Boot disk - Bug #17963: Add foreman_bootdisk permissions to Manager role Closed 01/06/2017
Blocked by Foreman - Feature #18001: Allow plugins to easily add their permissions to core's V... Closed 01/10/2017
Blocked by Foreman - Feature #19039: Lock plugin roles Ready For Testing 03/27/2017

History

#1 Updated by Ondřej Pražák 4 months ago

  • Blocked by Bug #17953: Add remote execution permissions to Viewer and Manager roles added

#2 Updated by Ondřej Pražák 4 months ago

  • Blocks Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles added

#3 Updated by Ondřej Pražák 4 months ago

  • Blocks deleted (Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles)

#4 Updated by Ondřej Pražák 4 months ago

  • Blocked by Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles added

#5 Updated by Ondřej Pražák 4 months ago

  • Bugzilla link set to 1304608

#6 Updated by Ondřej Pražák 4 months ago

  • Blocked by Bug #17957: Add foreman_ansible permissions to Viewer and Manager roles added

#7 Updated by Ondřej Pražák 4 months ago

  • Blocked by Bug #17959: Add foreman_discovery permissions to Manager and Viewer roles added

#8 Updated by Ondřej Pražák 4 months ago

  • Blocks Bug #17960: Add foreman_docker permissions to Manager and View roles added

#9 Updated by Ondřej Pražák 4 months ago

  • Blocks deleted (Bug #17960: Add foreman_docker permissions to Manager and View roles)

#10 Updated by Ondřej Pražák 4 months ago

  • Blocked by Bug #17960: Add foreman_docker permissions to Manager and View roles added

#11 Updated by Ondřej Pražák 4 months ago

  • Blocked by Bug #17961: Add foreman-tasks permissions to Manager and Viewer roles added

#12 Updated by Ondřej Pražák 4 months ago

  • Blocks Bug #17962: Add Katello's permissions to Manager and and Viewer roles added

#13 Updated by Ondřej Pražák 4 months ago

  • Blocks deleted (Bug #17962: Add Katello's permissions to Manager and and Viewer roles)

#14 Updated by Ondřej Pražák 4 months ago

  • Blocked by Bug #17962: Add Katello's permissions to Manager and and Viewer roles added

#15 Updated by Ondřej Pražák 4 months ago

  • Blocked by Bug #17963: Add foreman_bootdisk permissions to Manager role added

#16 Updated by Marek Hulán 3 months ago

Ondřej, could we also prevent this happening in future? What if every permission defined by plugin would be automatically assigned to Manager role and if it matches view_.+ it would be also associated to Viewer? Plugins would only defined plugin_manager and plugin_viewer role. Any other suggestions are welcome.

#17 Updated by Ondřej Pražák 3 months ago

  • Blocked by Feature #18001: Allow plugins to easily add their permissions to core's Viewer and Manager added

#18 Updated by Ondřej Pražák 3 months ago

I do not think we can do this completely automatically and there may be cases when we do not want to. But I think #18001 is a reasonable solution.

#19 Updated by Marek Hulán 3 months ago

  • Assigned To set to Ondřej Pražák
  • Target version set to Team Marek Iteration 9

#20 Updated by Marek Hulán 2 months ago

  • Target version changed from Team Marek Iteration 9 to Team Marek Iteration 10

#21 Updated by Marek Hulán 2 months ago

  • Target version changed from Team Marek Iteration 10 to Team Marek Iteration 11

#22 Updated by Marek Hulán about 1 month ago

  • Target version changed from Team Marek Iteration 11 to Team Marek Iteration 12

#23 Updated by Ondřej Pražák 27 days ago

#24 Updated by Marek Hulán 19 days ago

  • Target version changed from Team Marek Iteration 12 to Team Marek Iteration 13

Also available in: Atom PDF