Custom Roles and Permissions for Blueprint Entities
Pablo Quintana (AR)
Now, the only way to assign permissions over an entity is by using the owning_teams property and configuring ownedByTeam: true/false on the blueprint permissions. We would like to define custom teams arrays as properties that can be inherited from relations and assigned granular permissions over entities (just like owning_teams, but being custom properties).
Constant Young (US)
I would also say to show various views within Port where the data ownership could be inherited from multiple places; this is crucial to managing that. Think of a developer versus a large portfolio leader where both need access, but atm we can only support one or the other.
Matan Grady
Constant Young (US): Thank you for the feedback. We do have the ability today to inherit team ownership from a different component. Can you clarify what else you are looking for?
Constant Young (US)
Matan Grady: I am looking to have different views of data through dynamic permissions. Currently you can only have 1 owning team, and my understanding is that when you inherit ownership it does not have multiple teams? Are you saying we could have multiple teams have ownership currently?
Gur Shafriri
Constant Young (US)
You can have multiple teams as owners of an entity (either directly or inherited from another blueprint).
That being said, currently you cannot aggregate this list of owners from multiple inheritance paths - would you say an option like that will solve the entire use case described above?
Aidan O'Connor
Without this feature, this will be very difficult to implement for very large organizations. The burden of centralized administration is too much, so this will help to delegate smaller aspects of administration.
Members of teams should be able to have different access permissions for certain blueprints to help manage this.
Pablo Quintana (AR)
In my mind it would look something like this:
{
"entities": {
"read": {
"roles": [
"arde_sast_vuln-moderator",
"Admin"
],
"users": [],
"teams": [],
"entityRoles": [
"owning_teams",
"reader_teams" // where reader_teams is a custom blueprint property we assign or mirror
]
},