Rudder

Overview
Activity
Roadmap
Issues
Repository

Custom queries

Bugs triage
CS - by priority
CS - to review
My TR
Need technical review
Open bugs (all)
Open bugs (UI - UX)
Open UX defects (all)
Opened by users

Actions

Copy link

User story #22206

closed

Allow user to define custom roles in rudder-user.xml

Added by François ARMAND over 2 years ago. Updated about 1 year ago.

Status:

Released

Priority:

N/A

Assignee:

Vincent MEMBRÉ

Category:

System integration

Target version:

7.3.0~beta1

Pull Request:

https://github.com/Normation/rudder/p...

UX impact:

Suggestion strength:

User visibility:

Effort required:

Name check:

To do

Fix check:

To do

Regression:

Description

The idea is to be able to have new roles defined from system roles (atomic permissions or plugin roles).

The general (that will be documented at the end of the implementation) would looks like:

<authentications>
  <custom-roles>
      <role name="role_a0" roles="node_read,node_write,configuration" /> <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
      <role name="role_a1" roles="role_a0" />                            <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->

      <role name="role_b0" roles="inventory" />                          <!-- node_read -->
      <role name="role_c0" roles="node" />                               <!-- node_* -->

      <role name="role_d0" roles="role_a1,role_b0" />                    <!-- node_*,config_*,parameter_*,technique_*,directive_*,rule_* -->

      <role name="inventory" roles="....." />                            <!-- empty list - already defined -->
  </custom-roles>

  <user password="..." name="user_a0" roles="node_read,node_write,configuration" /> <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
  <user password="..." name="user_a1" roles="role_a" />                             <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
  <!-- same behavior than for roles -->
</authentications>

Subtasks 9 (0 open — 9 closed)

Architecture #22318: Refactor case insensitivity property for users	Released	Elaad FURREEDAN	Actions
Bug #22353: Administrator doesn't have any access anymore	Released	Vincent MEMBRÉ	Actions
Bug #22357: Reloading user must discared previously registered custom-roles	Released	Vincent MEMBRÉ	Actions
User story #22382: Update documentation for custom roles	Released	Alexis Mousset	Actions
Enhancement #22383: Password tag should be optionnal and default to bcrypt encoding	Released	Vincent MEMBRÉ	Actions
Bug #22384: Unknown roles must be ignored, not lead to invalid role	Released	Vincent MEMBRÉ	Actions
User management - Enhancement #22385: Update user-management doc for custom-roles	Released	Alexis Mousset	Actions
Rudder plugins - Bug #22501: API selft-service token is not in user management but in API extended authz	Released	Alexis Mousset	Actions
Bug #22579: Rudder can't boot when custom role uses cve_read without cve plugin	Released	Vincent MEMBRÉ	Actions

Related issues 4 (0 open — 4 closed)

Related to User management - Bug #22349: Update user plugin to manage update custom roles	Released	Vincent MEMBRÉ	Actions
Related to Change validation - Bug #22361: Adapt code to changes from #22206 (custom roles)	Released	François ARMAND	Actions
Related to Change validation - Bug #22443: Change validation must be adapted to user custom roles changes	Rejected	François ARMAND	Actions
Related to Rudder - Bug #22457: Update rudder-user.xml to use permissions in place of roles attribute	Released	Vincent MEMBRÉ	Actions