Issues with Role & Policies related to Resource: User
cc @chirag-madlani as per the conversation on Slack.
Affected module backend - Role & Policies
Describe the bug
Create a new policy with only User, Team, Role resources
Create a new Role and link it with the new policy that was created.
Expected: the new role should have permission to create, edit, and update User, Team, and Role. But only Teams and Role can be edited. Creating or editing User is still not allowed.
For Roles, with the same policy, I can delete or add but cannot change existing Role For Admins, only view. Cannot change or edit.
Please review all other resources to make sure that when we create a single policy rule for each resource, it can work as we set it up in the allow/not allow config. Thanks team!
@hoangdh5, you can help the team by doing this review, and feel free to add details of problems you find into this same issue.
Hello @hoangdh5, some resources require admin permissions to perform operations like edit, delete and create. Some resources are even visible to the admin only. Therefore, the policy will not take effect on those resources.
@open-metadata/ui here I think we can use permission for creation of Users as well
@open-metadata/ui https://github.com/open-metadata/OpenMetadata/pull/20520 this PR allows users with edit condition to run validations for policies, but we anyway have support for user, roles and policies to be controlled via user permissions