Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add group-based impersonate rule support #12953

Open
oneonestar opened this issue Jun 23, 2022 · 0 comments
Open

Add group-based impersonate rule support #12953

oneonestar opened this issue Jun 23, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@oneonestar
Copy link
Member

The current impersonation-rules only supports original_user, original_role and new_user.

Adding original_group and new_group would allow fine grained access control. For example:

{
    "impersonation": [
        // this allow admin role to impersonate any user, except for users in admin_group
        {
            "original_role": "admin",
            "new_group": "admin_group",
            "allow": false
        },
        {
            "original_role": "admin",
            "new_user": ".*"
        },
        // only users in batch_system_admin_group can impersonate users in batch_users_group
        {
            "original_group": "batch_system_admin_group",
            "new_group": "batch_users_group"
        },
        // only users in tester_group can impersonate the test user
        {
            "original_group": "tester_group",
            "new_user": "test"
        }
    ]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Development

No branches or pull requests

1 participant