Custom properties for blueprint permissions
P
Pablo Quintana (AR)
Now, the only way to assign permissions over an entity is by using owning_teams property and configuring the ownedByTeam: true/false on the blueprint permissions. We would like to define custom teams arrays as properties that can be inherited from relations and assigned granular permissions over entities (just like owning_teams, but being custom properties).
Aidan O'Connor
Without this feature, this will be very difficult to implement for very large organizations. The burden of centralized administration is too much, so this will help to delegate smaller aspects of administration
Members of teams should be able to have different access permissions for certain blueprints to help manage this
P
Pablo Quintana (AR)
In my mind it would look smth like this:
{
"entities": {
"read": {
"roles": [
"arde_sast_vuln-moderator",
"Admin"
],
"users": [],
"teams": [],
"entityRoles": [
"owning_teams",
"reader_teams" // where reader_teams is a custom blueprint property we assign or mirror
]
},