Better role/permissions handling
PlannedSesam could use a better permissions/role handling system.
Bare minimum:
- Better fine tuning in the permissions tab (under datahub settings). At the very least, it should be possible to 1) control read access to see all pipe configs but not change their content (the "Read configuration" option does not do this for some reason?), 2) give access to see the data input/output for the pipes, 3) give access to run / restart the pipes.
- Better documentation (!!). As far as I can see, permission handling is only described under https://docs.sesam.io/security.html?highlight=permissions#subscriptions-users-roles-and-permissions, which does not give any information about the default roles (e.g. Admin, developer etc) or the permissions options available. As a bare minimum all the role / permissions options should be described in your documentation.
- It should be possible to add a "Description" to a custom role. Right now there is only a text field for "Role name" and the description will read "No description" after it's created see image below.
Niceness:
It would be neat to be able to manage roles and their permissions directly under e.g. the node-metadata config. i.e. have an entry for Roles which then have a "Name", "Description" and a list of "Permissions".
-
Official comment
This is good feedback. Thanks.
We will definitely write better documentation for the permissions system. This is already planned. We'll also add support for custom descriptions on user-defined roles.
Regarding assigning the "Read configuration" permission I believe you can do that in the "Prototype permissions" tab already.The ability to describe permissions as config, e.g. in the service metadata, is also something we have considered. Nothing concrete has been planned yet, but it would definitely be nice.
Comment actions
Please sign in to leave a comment.
Comments
2 comments