Runtime: Security policies refactors
begelundmuller opened this issue · comments
- Support "include all" like semantics for certain users (thread)
- Change security policy to
repeated SecurityRule rules
- Have rules like
AllowKind
,AllowIf
,AllowResource
,TrimMetricsViewFields
, etc. - In
ResolvedMetricsViewSecurity
, theQueryFilter
should be of typemetricsview.Expression
, notruntimev1.Expression
- For non-admins, add security policy limiting access to exclude access to e.g. sources and models
- Change alert/report authorization code to use security policies