If a user is an IDP admin or the account owner, they will have admin permissions. Admin permissions should only be used during break glass scenarios/as needed. This is similar to using sudo privileges; today this means that I perform all actions with sudo.
Preferably all users can log in without admin privileges. Login policies can determine if they have elevated space permissions. I picture this as having an “admin” IDP group that is empty most of the time and everyone is in an “All Spacelift Users” group. As needed, a user could request elevated access from the IDP side to be a member of the admin group. The Spacelift login policy can then grant admin access if the user is in the admin group.
⬆️ Gathering votes
💡 Feature Requests
Access Control
Over 1 year ago
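A sketch of the login policy the request describes, added here as an example and not taken from the original post or from Spacelift's own code. It assumes IdP groups arrive as `input.session.teams`; the group name `spacelift-admins` is hypothetical, and, as the post notes, IdP admins and the account owner currently receive admin permissions regardless of what such a policy says.

```rego
package spacelift

# Group names as they would arrive from the IdP. "All Spacelift Users" is the
# baseline group named in the request; "spacelift-admins" is a hypothetical
# name for the break-glass group that stays empty most of the time.
baseline_group := "All Spacelift Users"
elevated_group := "spacelift-admins"

# True when the session carries the given IdP group.
in_group(name) {
  input.session.teams[_] == name
}

# Day-to-day login: any member of the baseline group gets in without admin.
allow {
  in_group(baseline_group)
}

# Baseline users get read-only access to every space.
space_read[space.id] {
  space := input.spaces[_]
  in_group(baseline_group)
}

# Elevated access exists only while the IdP lists the user in the break-glass
# group. Removing the user from that group on the IdP side revokes admin at
# the next login, because nothing else in this policy grants it.
admin {
  in_group(elevated_group)
}

# Fail closed: sessions with no group claims at all are rejected outright.
deny {
  count(input.session.teams) == 0
}
```

Group membership changes on the IdP side are the audit trail for elevation under this design, so alerting on additions to the break-glass group covers every admin grant the policy can make.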