Skip to content

Feature Request: Create additional permissions so access will be more granular #704

@javuto

Description

@javuto

Current state

The access model in osctrl, which affects osctrl-admin and osctrl-api, does have the following permissions:

  • Global admin: Provides access to administrative actions in all environments within osctrl and all operations within an environment (read, query, carve, admin)
  • Environment read: Provides limited read access within an environment
  • Environment query: Provides on-demand query access for all nodes enrolled in an environment
  • Environment carve: Provides file carving access for all nodes enrolled in an environment
  • Environment admin: Provides access to all the environment operations (read, query, carve) and some environment specific management operations.

Proposed change

Add additional permissions that can increase the granularity of the access. For example, within environment query, a limited query access can allow only to access certain saved queries instead of any query to any enrolled node.

Impact

Better access management but given the current compartmentalization, it should not be too complex to implement.

Metadata

Metadata

Assignees

Labels

🙏 feature requestRequest for new featureosctrl-adminosctrl-admin related changesosctrl-apiosctrl-api related changesqueriesOn-demand queries related issues

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions