[Pulp-dev] RBAC: Secure by default?
ttereshc at redhat.com
Wed Dec 16 19:13:35 UTC 2020
It sounds like a good idea, and additional +1 that it doesn't break
On Tue, Dec 15, 2020 at 5:57 PM Matthias Dellweg <mdellweg at redhat.com>
> In today's pulpcore meeting, we discussed that any endpoint that is not
> aware of RBAC yet will be open to every authenticated user.
> The suggestion that was given, is that we change that default. So all
> endpoints will raise permission errors unless RBAC opens them up.
> This would not affect any existing installation, where we only allowed the
> use of a single admin user. And by circumventing the permission framework
> this special user will remain to be able to talk to all available endpoints
> without restrictions.
> On the other hand it should smooth out the transition period until we have
> RBAC in all places. Since you could start giving permissions to users for
> viewsets that have an access_policy, while not risking to give them access
> to other sensitive parts that don't have it yet.
> What do you all think?
> Pulp-dev mailing list
> Pulp-dev at redhat.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pulp-dev