User story #22206


Allow user to define custom roles in rudder-user.xml

Added by François ARMAND over 1 year ago. Updated 21 days ago.

System integration
Name check: To do
Fix check: To do


The idea is to be able to have new roles defined from system roles (atomic permissions or plugin roles).

The general form (that will be documented at the end of the implementation) would look like:

      <role name="role_a0" roles="node_read,node_write,configuration" /> <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
      <role name="role_a1" roles="role_a0" />                            <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->

      <role name="role_b0" roles="inventory" />                          <!-- node_read -->
      <role name="role_c0" roles="node" />                               <!-- node_* -->

      <role name="role_d0" roles="role_a1,role_b0" />                    <!-- node_*,config_*,parameter_*,technique_*,directive_*,rule_* -->

      <role name="inventory" roles="....." />                            <!-- empty list - already defined -->

  <user password="..." name="user_a0" roles="node_read,node_write,configuration" /> <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
  <user password="..." name="user_a1" roles="role_a" />                             <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
  <!-- same behavior as for roles -->
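
The resolution rules sketched above, as an added example (not Rudder's code and not part of the original issue): custom roles are expanded recursively into the permissions they grant. The system-role table is a constructed subset taken from the comments in the snippet, the `<sample>` wrapper and the `loop_x`/`loop_y`/`no_such_role` names are hypothetical, and the example goes beyond the snippet by making cyclic references grant nothing, the same as unknown names.

```python
import xml.etree.ElementTree as ET

# Constructed subset of system roles, copied from the comments in the snippet
# above (assumption: not Rudder's full role table).
SYSTEM_ROLES = {
    "configuration": {"config_*", "parameter_*", "technique_*", "directive_*", "rule_*"},
    "inventory": {"node_read"},
    "node": {"node_*"},
}
ATOMIC = {"node_read", "node_write"}  # atomic permissions named in the snippet

# Constructed sample; <sample> is a hypothetical wrapper to make it well-formed.
SAMPLE = """<sample>
  <role name="role_a0" roles="node_read,node_write,configuration" />
  <role name="role_a1" roles="role_a0" />
  <role name="role_b0" roles="inventory" />
  <role name="role_d0" roles="role_a1,role_b0" />
  <role name="inventory" roles="node_write" />
  <role name="loop_x" roles="loop_y,node_read" />
  <role name="loop_y" roles="loop_x" />
  <user name="user_b0" roles="role_b0" />
  <user name="user_d0" roles="role_d0,no_such_role" />
  <user name="user_x" roles="loop_x" />
</sample>"""

def refs(el):
    """Split the comma-separated roles attribute, dropping empty entries."""
    return [r.strip() for r in el.get("roles", "").split(",") if r.strip()]

def expand(name, custom, ignored, stack=()):
    """Resolve one role name to the set of permissions it grants."""
    if name in ATOMIC:
        return {name}
    if name in SYSTEM_ROLES:  # checked first, so a custom role cannot shadow it
        return set(SYSTEM_ROLES[name])
    if name not in custom or name in stack:  # unknown name or cycle grants nothing
        ignored.add(name)
        return set()
    return set().union(*(expand(r, custom, ignored, stack + (name,)) for r in custom[name]))

def user_permissions(xml_text):
    """Return ({user: sorted permissions}, set of ignored role names)."""
    root = ET.fromstring(xml_text)
    custom = {e.get("name"): refs(e) for e in root.iter("role")}
    ignored = set()
    users = {u.get("name"): sorted(set().union(*(expand(r, custom, ignored) for r in refs(u))))
             for u in root.iter("user")}
    return users, ignored

if __name__ == "__main__":
    print(user_permissions(SAMPLE))
```

The returned set of ignored names is worth logging at load time, since a misspelled role silently leaves a user with fewer permissions than intended.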

Subtasks 9 (0 open, 9 closed)

Architecture #22318: Refactor case insensitivity property for users (Released, Elaad FURREEDAN)
Bug #22353: Administrator doesn't have any access anymore (Released, Vincent MEMBRÉ)
Bug #22357: Reloading user must discared previously registered custom-roles (Released, Vincent MEMBRÉ)
User story #22382: Update documentation for custom roles (Released, Alexis Mousset)
Enhancement #22383: Password tag should be optionnal and default to bcrypt encoding (Released, Vincent MEMBRÉ)
Bug #22384: Unknown roles must be ignored, not lead to invalid role (Released, Vincent MEMBRÉ)
User management - Enhancement #22385: Update user-management doc for custom-roles (Released, Alexis Mousset)
Rudder plugins - Bug #22501: API selft-service token is not in user management but in API extended authz (Released, Alexis Mousset)
Bug #22579: Rudder can't boot when custom role uses cve_read without cve plugin (Released, Vincent MEMBRÉ)

Related issues 4 (0 open, 4 closed)

Related to User management - Bug #22349: Update user plugin to manage update custom roles (Released, Vincent MEMBRÉ)
Related to Change validation - Bug #22361: Adapt code to changes from #22206 (custom roles) (Released, François ARMAND)
Related to Change validation - Bug #22443: Change validation must be adapted to user custom roles changes (Rejected, François ARMAND)
Related to Rudder - Bug #22457: Update rudder-user.xml to use permissions in place of roles attribute (Released, Vincent MEMBRÉ)
