[Pulp-dev] RBAC: Secure by default?

Matthias Dellweg mdellweg at redhat.com
Tue Dec 15 16:56:51 UTC 2020

In today's pulpcore meeting, we discussed that any endpoint that is not
aware of RBAC yet will be open to every authenticated user.

The suggestion that was given, is that we change that default. So all
endpoints will raise permission errors unless RBAC opens them up.
This would not affect any existing installation, where we only allowed the
use of a single admin user. And by circumventing the permission framework
this special user will remain to be able to talk to all available endpoints
without restrictions.
On the other hand it should smooth out the transition period until we have
RBAC in all places. Since you could start giving permissions to users for
viewsets that have an access_policy, while not risking to give them access
to other sensitive parts that don't have it yet.

What do you all think?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20201215/860d7d2f/attachment.htm>

More information about the Pulp-dev mailing list