Role based access control

(Hnanchahal) #1

I have a question around role-based access control. From what I have read, if RBAC is enabled, the auth token that gets issued to the user will have permission to only the resources that are assigned for access to that user.
Do these permissions get inherited by the API key? If a user fetches an API key using that access token and the API key is then used for the API calls, will that be restricted the same way as the token?

Another follow-up question: is there a way I can just use the API key for access control? I.e., if I generate an API key but have specific permissions assigned for that key, i.e. can just create actions and run actions, then any API call using that key would just be able to access those resources.

It might be a little confusing, but what I am looking to accomplish is this: if I want to expose this as a service to our internal customers, I would not want to create individual users for everyone wanting to do some automation.

(Hnanchahal) #2

Also, looking at the role.yaml file, it's defining the UUIDs. If a user creates a pack using an auth token, does the role definition get updated with this UUID?

(Lindsay Hill) #3
(Hnanchahal) #4

So in this case, if I create a workflow where users reach out to admins for an API key, how can the user be independent from there on? I.e., once the API key is created, and I have a role, for example, that has min access, for example just access to the core actions, if a user creates a new pack, does that role definition get updated when the packs are created, or will that need to be updated manually? How are the access permissions for the key getting tied to the access permissions on the packs that user is creating?
What will create pack access look like in the role YAML when the pack hasn't even been created?