Skip to content

ADR-0022 OQ1: per-operator admin-console accounts + per-read attribution #308

Description

@Yambr

Open question carried by ADR-0022.

The read-only operator console ships with two accepted limitations:

  • Shared console password — one bcrypt credential, not per-operator accounts.
  • Operator-sees-all — the BFF dials Control as one operator-scoped peer, so a console view is not an audited per-human action (only the mutating CLI/SOAR path carries the NFR-SEC-45 per-actor audit), and the console projects every session with no per-operator scoping.

Lifting these requires per-operator console accounts and per-read attribution: distinct operator credentials at the BFF, an audited per-human read event, and optional per-operator scoping of the session projection.

Out of scope for the v1 read-surface contract; tracked here so the limitation is not later read as a defect.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions