FR: extend default roles by api #82
Comments
|
Without an example, I'm not sure what you're suggesting. Today, an OrganizationRole is associated with an Organization. There are defaults when you create an Organization that pertain to permissions within the role (e.g. We put together a proposal for de-coupling that, so that OrganizationRoles are independent of Organizations: #48 Is that what you're looking for? If not, share an example scenario. |
|
Organizations has definded and default roles. default roles (my observation) gets created on organization-creation and cannot be deleted. They are used for rbac within org-use-cases. defined-roles can be created within each org-individualy. Our current workflow-plan is to create a service, which checks and define these additional roles, as needed. |
|
Thank you for explaining further. There is not currently a way to do this. For our own applications, we do this at organization creation, as you suggest in your workplan. The proposal I linked to above would be to move all roles to a default, "rather" than making them part of a specific organization. In the prototype of that proposal, we have done the migration in a way such that any roles you define in "all" organizations would become defaults. Beyond that, it's not yet decided if/how we would deal with roles that are part of only specific organizations. |
|
Closing in favor of #48 Please comment there. |
Is there currently a way to extend the default roles of organizations by custom roles, which then are applied by default for all organizations?
Usage: we had ressources, which are connected to organizations and want to manage access within the organizations without writing a programm which checks any org, if the neccessary roles are defined. ex. view-ressources-name, manage-ressources-name
The text was updated successfully, but these errors were encountered: