Re: Space Manager visibility of an app's environment variables

Jesse T. Alford

Agreed: the simple/hierarchical model of permissions is less flexible and
composable. Having each roll have the permissions of the one "under" it
plus a new layer limits the business rules this can be used to implement.

I might even argue that managers shouldn't necessarily have auditor
permissions automatically.

The counter argument here is that we're basically either inflicting a poor
user experience or forcing clients to take on additional complexity to give
users intuitive experiences. One solution might be to allow operators to
create and manage custom roles, like we do with quotas. If the flexibility
to implement business rules is accessible under the "role" abstraction, we
can afford friendlier/more naive defaults.

On Sat, Feb 27, 2016, 11:24 AM Krannich, Bernd <bernd.krannich(a)>

Sorry for broadening the discussion but for us it’s the other way round
for a similar use case: Having the CF admin role grants you developer
rights in all orgs and spaces (for example, you could `cf env` to retrieve
service instance credentials) which is something that’s IMHO not desirable
from a security/compliance perspective especially when running multiple
(external) customers on one CF instance. Customers typically don’t want
their providers to be able to be able to see all their data per default.
Sure, you can always grant yourself these roles as a CF admin but then
there’s audit logging to track those changes.

I guess one could go along a similar line of argumentation for space
manager and space developer.

For both cases the thing is: You can achieve the desired behavior by
granting more roles but if you combine roles there’s no way to achieve
separation of duties.


From: Matt Cholick <cholick(a)>
Reply-To: "Discussions about Cloud Foundry projects and the system
overall." <cf-dev(a)>
Date: Saturday 27 February 2016 at 19:04
To: "Discussions about Cloud Foundry projects and the system overall." <
Subject: [cf-dev] Re: Re: Re: Re: Space Manager visibility of an app's
environment variables

This is a source of confusion for our end users as well. Users will have
the space manager role, but not the space developer role, and fail when
they first try to push an application.

On Sat, Feb 27, 2016 at 8:16 AM, Mike Youngstrom <youngm(a)> wrote:

For some history this is the last discussion I recall having on the


On Sat, Feb 27, 2016 at 5:23 AM, Tom Sherrod <tom.sherrod(a)>

I'm glad to see this question. Why does a space manager role not include
all space developer permissions?

On Thu, Feb 25, 2016 at 11:51 AM, Mike Youngstrom <youngm(a)>

I debated long ago and still believe that a space manager should be
able to do everything a space developer can do. Could this be simplified
just by making that change? Or are there still reasons to limit a space
manager's abilities?


On Thu, Feb 25, 2016 at 3:54 AM, Dieu Cao <dcao(a)> wrote:

Hi All,

Currently only Space Developers have visibility on the
/v2/apps/:guid/env end point which backs the cf cli command `cf env
Please let me know if you have any objections to allowing Space
Managers visibility of an app's environment variables.
This is something we would like to tackle soon to address some
visibility concerns.


Join to automatically receive all group messages.