From: Dave Page
Date: Thu, 13 Mar 2025 10:06:06 +0000
Subject: Re: Role based access control discussion
To: Aditya Toshniwal
Cc: pgadmin-hackers

Hi

On Thu, 13 Mar 2025 at 06:16, Aditya Toshniwal <aditya.toshniwal@enterprisedb.com> wrote:

> Hi Hackers,
>
> I have started looking into a feature where users have requested custom
> roles. The roles can then be assigned permissions. Here's how I think it
> can be done:
>
> 1. Create a framework for role-based access control.
> 2. Allow adding/editing/deleting roles from UI.
> 3. User management dialog can be converted to a tab to get extra space
>    for other stuff.
> 4. pgAdmin can have some predefined permissions. The permissions can
>    then be used to validate at the API levels and UI.
> 5. New permissions cannot be added from UI as it will require code
>    changes. They can be added based on user requests.
> 6. Admin can allow these permissions to the roles and roles can be
>    assigned to users.
> 7. Permissions will be used to
> 8. Admin role remains static with no changes allowed.
>
> Let me know your thoughts on this. If everything looks good then I will
> proceed.

What permissions would we support initially?

--
Dave Page
pgAdmin: https://www.pgadmin.org
PostgreSQL: https://www.postgresql.org
pgEdge: https://www.pgedge.com