+1 What happens if a new account is created on an existing Pulp installation (if that is possible)? Would it then start following the deny-by-default pattern?
On Wed, Jan 6, 2021 at 8:57 AM David Davis <davidda...@redhat.com> wrote: > +1 from me. > > David > > > On Wed, Jan 6, 2021 at 8:28 AM Ina Panova <ipan...@redhat.com> wrote: > >> +1 to the change. >> >> >> -------- >> Regards, >> >> Ina Panova >> Senior Software Engineer| Pulp| Red Hat Inc. >> >> "Do not go where the path may lead, >> go instead where there is no path and leave a trail." >> >> >> On Wed, Dec 16, 2020 at 8:14 PM Tanya Tereshchenko <ttere...@redhat.com> >> wrote: >> >>> It sounds like a good idea, and additional +1 that it doesn't break >>> things. >>> >>> On Tue, Dec 15, 2020 at 5:57 PM Matthias Dellweg <mdell...@redhat.com> >>> wrote: >>> >>>> In today's pulpcore meeting, we discussed that any endpoint that is not >>>> aware of RBAC yet will be open to every authenticated user. >>>> >>>> The suggestion that was given, is that we change that default. So all >>>> endpoints will raise permission errors unless RBAC opens them up. >>>> This would not affect any existing installation, where we only allowed >>>> the use of a single admin user. And by circumventing the permission >>>> framework this special user will remain to be able to talk to all available >>>> endpoints without restrictions. >>>> On the other hand it should smooth out the transition period until we >>>> have RBAC in all places. Since you could start giving permissions to users >>>> for viewsets that have an access_policy, while not risking to give them >>>> access to other sensitive parts that don't have it yet. >>>> >>>> What do you all think? >>>> _______________________________________________ >>>> Pulp-dev mailing list >>>> Pulp-dev@redhat.com >>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>> >>> _______________________________________________ >>> Pulp-dev mailing list >>> Pulp-dev@redhat.com >>> https://www.redhat.com/mailman/listinfo/pulp-dev >>> >> _______________________________________________ >> Pulp-dev mailing list >> Pulp-dev@redhat.com >> https://www.redhat.com/mailman/listinfo/pulp-dev >> > _______________________________________________ > Pulp-dev mailing list > Pulp-dev@redhat.com > https://www.redhat.com/mailman/listinfo/pulp-dev >
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://www.redhat.com/mailman/listinfo/pulp-dev