Re: Role based access control discussion

Hi Dave,

On Thu, Mar 13, 2025 at 3:36 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:

> Hi
>
> On Thu, 13 Mar 2025 at 06:16, Aditya Toshniwal <
> aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>
>> Hi Hackers,
>>
>> I have started looking into a feature where users have requested for
>> custom roles. The roles can then be assigned permissions. Here's what I
>> think how it can be done:
>>
>> 1. Create a framework for roles based access control.
>> 2. Allow adding/editing/deleting roles from UI.
>> 3. User management dialog can be converted to a tab to get extra
>> space for other stuff.
>> 4. pgAdmin can have some predefined permissions. The permissions can
>> then be used to validate at the API levels and UI.
>> 5. New permissions cannot be added from UI as it will require code
>> changes. They can be added based on user requests.
>> 6. Admin can allow these permissions to the roles and roles can be
>> assigned to users.
>> 7. Permissions will be used to
>> 8. Admin role remains static with no changes allowed.
>>
>> Let me know your thoughts on this. If everything looks good then I will
>> proceed.
>>
>
> What permissions would we support initially?
>

Based on https://github.com/pgadmin-org/pgadmin4/issues/7310, we can start
with not allowing users to register a server. We'll start 1 or 2 may be,
the intention is to create a framework which will allow us to keep adding
permissions on future requests.

>
> --
> Dave Page
> pgAdmin: https://www.pgadmin.org
> PostgreSQL: https://www.postgresql.org
> pgEdge: https://www.pgedge.com
>
>

--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
<https://www.enterprisedb.com/>
"Don't Complain about Heat, Plant a TREE"