Feature Request: segregated user classes

Question

Feature Request: segregated user classes

pnathan opened this issue 8 years ago · comments

From the Security Model page:

What an authenticated user can achieve
A user can view all secrets.
A user can view all secret to service mappings.
A user can create new revisions of a secret.
A user can create new revisions of a service mapping.

It would be grand to be able to have classes of users:

admins, who have all power
users, who are tied to the enumerated services by the admins (possibly through farming out to some LDAP system or other RBAC provider).

IOW, applying the principle of least privileges to the users.

Ryan Lane · Answer 1 · Sat Apr 30 2016 06:43:51 GMT+0800 (China Standard Time)

Yep. We keep punting on adding ACLs, but it is something we want in confidant. One of the harder bits of this is properly designing it so that it isn't a major burden to use. We can use this issue to come up with a proper design spec.

Ryan Lane · Answer 2 · Sat Apr 30 2016 06:45:01 GMT+0800 (China Standard Time)

Also congrats on creating an issue that made me add most of the major labels :D

Velmurugan Velayutham · Answer 3 · Thu Mar 08 2018 09:33:05 GMT+0800 (China Standard Time)

are you aware of any third party python library , that can be integrated into confidant to implement RBAC ?.

Ryan Lane · Answer 4 · Fri Mar 09 2018 01:59:37 GMT+0800 (China Standard Time)

Flask Principal looks like a good option here:

http://pythonhosted.org/Flask-Principal/

Velmurugan Velayutham · Answer 5 · Fri Mar 09 2018 21:03:38 GMT+0800 (China Standard Time)

Thanks a lot 👍

Ryan Lane · Answer 6 · Sat Jan 11 2020 10:31:55 GMT+0800 (China Standard Time)

Update here: we've added ACL hook points that call into a pluggable access control framework. The hookpoints have the ability to control the following:

global listing of credentials (resource=credential, action=list)
global creation of credentials (resource=credential, action=create)
global listing of services (resource=service, action=list)
global creation of services(resource=service, action=create)
per-resource viewing of credential metadata (resource=credential, action=metadata, resource_id=<credential_id>)
per-resource viewing of credential decrypted credential pairs (resource=credential, action=get, resource_id=<credential_id>)
per-resource editing of credentials (resource=credential, action=update, resource_id=<credential_id>)
per-resource reverting of credential, from history (resource=credential, action=revert, resource_id=<credential_id>)
per-resource viewing of service metadata (resource=service, action=metadata, resource_id=<service_id>)
per-resource viewing of service data with decrypted credential pairs (resource=service, action=get, resource_id=<service_id>, kwargs=<list_of_credential_ids>)
per-resource editing of services (resource=service, action=update, resource_id=<service_id>)
per-resource reverting of service, from history (resource=service, action=revert, resource_id=<service_id>)

The pluggable module can be configured via ACL_MODULE, which is set to a full python path and function; like: confidant_private.authnz.my_acl_module:my_acl_function

This can be used as a basis to plug your own ACL system into confidant. In a future release we'll likely add in support for a standard ACL implementation, for use if you don't have your own ACL system.

Ryan Lane · Answer 7 · Fri Feb 14 2020 10:46:41 GMT+0800 (China Standard Time)

Released in version 6.0.0. See docs: https://lyft.github.io/confidant/acls.html