Feature Request: Create additional permissions so access will be more granular #704
Description
Current state
The access model in osctrl, which affects osctrl-admin and osctrl-api, does have the following permissions:
- Global admin: Provides access to administrative actions in all environments within
osctrland all operations within an environment (read, query, carve, admin) - Environment read: Provides limited read access within an environment
- Environment query: Provides on-demand query access for all nodes enrolled in an environment
- Environment carve: Provides file carving access for all nodes enrolled in an environment
- Environment admin: Provides access to all the environment operations (read, query, carve) and some environment specific management operations.
Proposed change
Add additional permissions that can increase the granularity of the access. For example, within environment query, a limited query access can allow only to access certain saved queries instead of any query to any enrolled node.
Impact
Better access management but given the current compartmentalization, it should not be too complex to implement.