Define roles for IPM #709

isc-tleavitt · 2025-01-21T14:19:34Z

We need to give IPM to be able to manage roles granting relevant SQL permissions for IPM actions (which are particularly messy otherwise). There should be a separate API to grant all relevant SQL permissions to a given existing user/role.

This needs more investigation/specification, but my gut feeling is that there should be two roles:
%IPM_Read to grant relevant SQL privileges for read operations via IPM
(possibly) %IPM_Write to grant relevant SQL privileges for any inserts/updates (not sure of the extent to which we use these - most of IPM operates through objects)

We'll want zpm "enable" to manage these roles across different namespaces, provided the roles exist. We may also want to define resources with the same / related names.

isc-tleavitt added documentation Improvements or additions to documentation enhancement New feature or request labels Jan 21, 2025

isc-tleavitt added this to the January 2025 milestone Jan 21, 2025

isc-tleavitt self-assigned this Jan 21, 2025

isc-tleavitt added this to v1.0 targets Jan 21, 2025

github-project-automation bot moved this to To do in v1.0 targets Jan 21, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Define roles for IPM #709

Define roles for IPM #709

isc-tleavitt commented Jan 21, 2025

Define roles for IPM #709

Define roles for IPM #709

Comments

isc-tleavitt commented Jan 21, 2025