Re: Feature Narrative: Fine-granular & custom platform roles for Cloud Foundry
Duncan Mcintyre <mcintyredu@...>
I’m all for anything which gives finer grained control. At present customers like RBS wrap the cf api with their own tooling in order to limit who can do what – which is obviously not optimal.
Shame we never implemented the ability to define custom roles in the database rather than have them hard-coded.
D
From: cf-dev@... <cf-dev@...>
This is really a promising step.
cloud.gov uses "service accounts", https://cloud.gov/docs/services/cloud-gov-service-account/, which are implemented with: https://github.com/cloudfoundry-community/uaa-credentials-broker. Usually these are used in CI/CD systems for deployments. I'd like to see Operator renamed to Deployer and have some further rights removed, like viewing other spaces or other users and roles, perhaps.
Or if there's a real need for the Operator role, then maybe add yet another role for Deployers (but that seems to be getting into IAM-level scope creep).
--Peter
On Wed, Dec 2, 2020 at 11:27 AM Klevenz, Stephan <stephan.klevenz@...> wrote:
- Peter Burkholder | cloud.gov compliance & security please use cloud-gov-compliance@... for cloud.gov matters