Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rfc: improvements to permissions in v3 #10116

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

rfc: improvements to permissions in v3 #10116

wants to merge 4 commits into from

Conversation

0x777
Copy link
Member

@0x777 0x777 commented Jan 25, 2024

@0x777 0x777 requested a review from a team as a code owner January 25, 2024 04:52
@0x777 0x777 changed the title rfc for improvements to permissions in v3 rfc: improvements to permissions in v3 Jan 25, 2024
codingkarthik
codingkarthik reviewed Feb 6, 2024
View reviewed changes
rfcs/permission-improvements-v3.md
Comment on lines +120 to +134
2. Provide merge semantics:

In the metadata, instead of composing a fixed set of permissions using
inherited roles, we could for example, allow specifying the permission
capabilities. For example,

```yaml
conflict_rules:
# admin insert permissions should be preferred over user role's insert
# permissions on all tables
- admin.insert > user.insert

# manager's update permissions should be preferred over user role's select
# update permissions on employee_details table
- manager.update.employee_details > user.update.employee_details
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this shouldn't be part of the metadata (otherwise we will run into the problems we had with inherited roles in V2) and rather it should be part of the GraphQL request, akin to SQL's on_conflict.

I am not sure how this information can be provided on a per-request basis, but one idea I can think of which may work is to accept a header that accepts a JSON object with the above mentioned rules.

@shahidhk shahidhk added the k/rfc RFC for a new feature / process label Feb 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codingkarthik codingkarthik codingkarthik left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
k/rfc RFC for a new feature / process
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@0x777 @codingkarthik @shahidhk