From: Aditya Toshniwal
Date: Thu, 13 Mar 2025 11:46:08 +0530
Subject: Role based access control discussion
To: pgadmin-hackers

Hi Hackers,

I have started looking into a feature where users have requested custom roles. The roles can then be assigned permissions. Here's how I think it can be done:

1. Create a framework for role-based access control.
2. Allow adding/editing/deleting roles from the UI.
3. The user management dialog can be converted to a tab to get extra space for other stuff.
4. pgAdmin can have some predefined permissions. The permissions can then be used to validate at the API levels and UI.
5. New permissions cannot be added from the UI as it will require code changes. They can be added based on user requests.
6. Admin can allow these permissions to the roles and roles can be assigned to users.
7. Permissions will be used to
8. Admin role remains static with no changes allowed.

Let me know your thoughts on this. If everything looks good then I will proceed.

--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
"Don't Complain about Heat, Plant a TREE"
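
A sketch of items 4, 5, 6 and 8 of the proposal above, added here as an illustration and not pgAdmin's own code: a permission catalogue fixed in code, roles that can only be granted catalogue entries, a static admin role, and a default-deny check at the API layer. The permission names, `RoleStore`, `requires` and the sample user and role are hypothetical.

```python
from enum import Enum
from functools import wraps

class Permission(Enum):
    # Hypothetical catalogue, fixed in code: the UI can grant these, not add new ones.
    REGISTER_SERVER = "register_server"
    RUN_QUERY_TOOL = "run_query_tool"
    MANAGE_USERS = "manage_users"

ADMIN_ROLE = "Administrator"

class PermissionDenied(Exception):
    pass

class RoleStore:
    def __init__(self):
        # The admin role is static and always holds every permission.
        self._roles = {ADMIN_ROLE: frozenset(Permission)}
        self._user_roles = {}

    def save_role(self, name, granted):
        if name == ADMIN_ROLE:
            raise ValueError("the Administrator role cannot be changed")
        # Permission(value) raises ValueError for names outside the catalogue.
        self._roles[name] = frozenset(Permission(p) for p in granted)

    def assign(self, user, role):
        if role not in self._roles:
            raise KeyError(role)
        self._user_roles[user] = role

    def allowed(self, user, permission):
        # Default deny: unknown users and unassigned roles get an empty set.
        role = self._user_roles.get(user)
        return permission in self._roles.get(role, frozenset())

def requires(store, permission):
    def decorator(handler):
        @wraps(handler)
        def wrapper(user, *args, **kwargs):
            # API-level check: the handler body never runs without the permission.
            if not store.allowed(user, permission):
                raise PermissionDenied(f"{user} lacks {permission.value}")
            return handler(user, *args, **kwargs)
        return wrapper
    return decorator

store = RoleStore()
store.save_role("analyst", ["run_query_tool"])  # constructed sample role
store.assign("alice", "analyst")                # constructed sample user
```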