-
Notifications
You must be signed in to change notification settings - Fork 60
Open
Open
Copy link
Labels
🙏 feature requestRequest for new featureRequest for new featureosctrl-adminosctrl-admin related changesosctrl-admin related changesosctrl-apiosctrl-api related changesosctrl-api related changesqueriesOn-demand queries related issuesOn-demand queries related issues
Description
Current state
The access model in osctrl
, which affects osctrl-admin
and osctrl-api
, does have the following permissions:
- Global admin: Provides access to administrative actions in all environments within
osctrl
and all operations within an environment (read, query, carve, admin) - Environment read: Provides limited read access within an environment
- Environment query: Provides on-demand query access for all nodes enrolled in an environment
- Environment carve: Provides file carving access for all nodes enrolled in an environment
- Environment admin: Provides access to all the environment operations (read, query, carve) and some environment specific management operations.
Proposed change
Add additional permissions that can increase the granularity of the access. For example, within environment query, a limited query access can allow only to access certain saved queries instead of any query to any enrolled node.
Impact
Better access management but given the current compartmentalization, it should not be too complex to implement.
Metadata
Metadata
Assignees
Labels
🙏 feature requestRequest for new featureRequest for new featureosctrl-adminosctrl-admin related changesosctrl-admin related changesosctrl-apiosctrl-api related changesosctrl-api related changesqueriesOn-demand queries related issuesOn-demand queries related issues