Create Stack RBAC Permission

I would like a separate RBAC permission for Stacks that would allow users to create Stacks in a space.

Currently both Manage and Create are combined into the same RBAC permission, `stack:manage`.

Adding a `stack:create` permission would allow more granular permissions when we want a user to be able to create stacks in a space, and if the `run:trigger` permission is added, the user would be able to run the stack they created.

This would be very useful when Blueprints are used, as the user could be given permissions to create and run a stack in a space, but wouldn’t be able to modify/delete the stack or change the repository the stack is using. The user would then also be able to trigger a run on the stack should they want to re-apply their TF in instances of state drift, if the `run:trigger` permission is used in conjunction with `stack:create`.

Workaround

-

Problem

The problem we see is that the `stack:manage` permission is too broad. When we create Blueprints, we have to provide this or Admin permission for a user to the space the stack is run in, which means they can change the repo, context, or environment variables of a Stack to something else.

Status: ⚙️ In Progress

Board: 💡 Feature Requests

Tags: Blueprints

Date: 3 months ago
