[katello-devel] System Group permission recap
Justin Sherrill
jsherril at redhat.com
Thu May 3 17:48:43 UTC 2012
Hi All,
So after an intense discussion about System Groups and their
permissions, we've come up with the following permission model for
system groups:
Verbs:
    Create/Manage
    Read group X
    Modify details and system membership of group X
    Lock/Unlock group X
    Delete Group X
    Modify systems in group X (affects what is listed on the systems page)
    Read systems in group X (affects what is listed on the systems page)
    Delete systems in group X
With the following notes:
- System visibility is additive and is determined by a union of the following permissions:
    * Read Systems in Org A
    * Read Systems in Env B
    * Read Systems in Group C
- So if a user has the above 3 permissions, a system would be readable if it were in Org A or Env B or Group C.
- Same goes with "modify systems" on groups, orgs, environments
- A user can add a system Y to a group Z assuming the following 2 conditions:
    * The user has the permission 'modify group Z'
    * The user has at least the ability to read system Y as determined by one of the 3 rules above
- The above means that a user can elevate the permissions he has on a system from read-only to read/write if
    * He has modify permission for some group X
    * He has "modify systems in group X" permission
    * He currently has read-only access to the system
    * This needs to be made very clear in the UI that "modify group" & "modify systems in group" permission could provide privilege escalation for a system.
Let me know if you have any questions.
-Justin
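
The permission rules from the message above, modeled as an added Ruby example (not Katello code and not part of the original post; the class, method and permission names are hypothetical). It applies the union rule and the two add-to-group conditions, and reports the groups through which a user's read-only access to a system could become read/write, which is the case the message says the UI must make clear.

```ruby
require "set"

# Hypothetical model of the rules in the message; not Katello's API.
ManagedSystem = Struct.new(:name, :org, :env, :groups)

class User
  # perms: list of [verb, scope_type, scope_name] triples
  def initialize(perms)
    @perms = perms.to_set
  end

  def has?(verb, type, name)
    @perms.include?([verb, type, name])
  end

  # Union rule: a verb on systems holds if granted on the org, env or any group.
  def can?(verb, sys)
    has?(verb, :org, sys.org) || has?(verb, :env, sys.env) ||
      sys.groups.any? { |g| has?(verb, :group, g) }
  end

  # Adding system Y to group Z needs 'modify group Z' plus read access to Y.
  def can_add?(sys, group)
    has?(:modify_group, :group, group) && can?(:read_systems, sys)
  end

  # Groups through which read-only access to sys could become read/write.
  def escalation_groups(sys, all_groups)
    return [] unless can?(:read_systems, sys) && !can?(:modify_systems, sys)
    all_groups.select { |g| can_add?(sys, g) && has?(:modify_systems, :group, g) }
  end
end

def add_to_group(user, sys, group)
  raise ArgumentError, "denied" unless user.can_add?(sys, group)
  sys.groups << group unless sys.groups.include?(group)
  sys
end

# Constructed sample data: read via Env B, group rights on X, partial rights on Z.
USER = User.new([[:read_systems, :env, "Env B"],
                 [:modify_group, :group, "X"],
                 [:modify_systems, :group, "X"],
                 [:modify_group, :group, "Z"]])
SYSTEM_Y = ManagedSystem.new("Y", "Org A", "Env B", [])
puts "escalation paths for Y: #{USER.escalation_groups(SYSTEM_Y, %w[X Z]).inspect}"
```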