Skip to content

Enable fine-grained update/delete RBAC enforcement by default #19988

New issue
New issue
Closed
#20671
Closed
Enable fine-grained update/delete RBAC enforcement by default#19988
#20671
Assignees
agaudreault
Labels
component:rbacIssues related to Openshift and RacherenhancementNew feature or request
Milestone
 
v3.0
@agaudreault

Description

@agaudreault
agaudreault
opened on Sep 18, 2024

Summary

In 2.12 we introduced new RBAC for fine-grained update/delete in #18124. To keep backward compatibility, the applications, update and applications, delete rbac implicitly grant permissions to update/delete application's resources.

Motivation

Streamline behavior that was not possible without breaking changes.

Proposal

With the new fine-grained RBAC, applications, update and applications, delete give permission to manually edit/delete the Application, while applications, update/* and applications, delete/* are used for applications sub-resources.

The built-in policy should be updated to add applications, update/* and applications, delete/* for role:admin to preserve current privilege.

Metadata

Metadata

Assignees

Labels

component:rbacIssues related to Openshift and RacherenhancementNew feature or request

Type

No type

Projects

Argo CD 3.0

  • Status

    Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions