Re: Role based access control discussion

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Aditya Toshniwal <[email protected]>
To: Dave Page <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: Role based access control discussion
Date: Thu, 13 Mar 2025 15:55:25 +0530
Message-ID: <CAM9w-_kjvSGfZ+K1qFABhYfE0kCJ0gDWU3ZyT-Ywb0AEX8=3eg@mail.gmail.com> (raw)
In-Reply-To: <CA+OCxowN3uKQLWTf6F1j7_Zo_72CVj+jue4XjOdnRp3LHxH7Qw@mail.gmail.com>
References: <CAM9w-_n9sUD1i_qzfowp5=CS0voUnmcGX-UeK8pZ5k3+xuHtLQ@mail.gmail.com>
	<CA+OCxowN3uKQLWTf6F1j7_Zo_72CVj+jue4XjOdnRp3LHxH7Qw@mail.gmail.com>

Hi Dave,

On Thu, Mar 13, 2025 at 3:36 PM Dave Page <[email protected]> wrote:

> Hi
>
> On Thu, 13 Mar 2025 at 06:16, Aditya Toshniwal <
> [email protected]> wrote:
>
>> Hi Hackers,
>>
>> I have started looking into a feature where users have requested for
>> custom roles. The roles can then be assigned permissions. Here's what I
>> think how it can be done:
>>
>>    1. Create a framework for roles based access control.
>>    2. Allow adding/editing/deleting roles from UI.
>>    3. User management dialog can be converted to a tab to get extra
>>    space for other stuff.
>>    4. pgAdmin can have some predefined permissions. The permissions can
>>    then be used to validate at the API levels and UI.
>>    5. New permissions cannot be added from UI as it will require code
>>    changes. They can be added based on user requests.
>>    6. Admin can allow these permissions to the roles and roles can be
>>    assigned to users.
>>    7. Permissions will be used to
>>    8. Admin role remains static with no changes allowed.
>>
>> Let me know your thoughts on this. If everything looks good then I will
>> proceed.
>>
>
> What permissions would we support initially?
>

Based on https://github.com/pgadmin-org/pgadmin4/issues/7310, we can start
with not allowing users to register a server. We'll start 1 or 2 may be,
the intention is to create a framework which will allow us to keep adding
permissions on future requests.

>
> --
> Dave Page
> pgAdmin: https://www.pgadmin.org
> PostgreSQL: https://www.postgresql.org
> pgEdge: https://www.pgedge.com
>
>

-- 
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
<https://www.enterprisedb.com/;
"Don't Complain about Heat, Plant a TREE"

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: Role based access control discussion
  In-Reply-To: <CAM9w-_kjvSGfZ+K1qFABhYfE0kCJ0gDWU3ZyT-Ywb0AEX8=3eg@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox