✅ Granular RBAC on Instance Actions

Headline:
Granular RBAC on Instance Actions to restrict users to more basic functions.


Description:
Would like to be able to restrict actions from the Instance > Actions and Server > Actions dropdown within the UI. Right now the access is full or none for the bulk of actions.


Example/Use case(s):

  1. Specific users should be able to reconfigure, and power on / off but not run tasks
  2. Specific users should be able to run a subset of tasks/workflows on servers only. Operational type tasks and workflows should be hidden.
  3. Specific users should not have the ability to add node

For now our main use cases would be to allow/deny a user separately (in order of priority):

  • Power Cycle (Start, Stop, Restart)
  • Reconfigure
  • Delete
  • Edit
2 Likes

Thank you for the additional input @marcel.rummens! Quick question. Are you looking to simply hide the Edit/Delete/Power Cycle? Or are you looking for granular tasks within those functions.

Also, do delayed deletion policies solve the ask about Delete?

We actually want them (Power, Delete, Reconfigure etc.) to be displayed instead of hidden. Our use case is that we want to hide the Create/Add Instance Button/Wizard but retain the above buttons. So maybe it would also be sufficient is we split the roles like this:

  • Add
  • Actions
  • Delete

Then we have the main life cycle elements covered.

@cbunge Any news here?

Hi @marcel.rummens we have this on our priority list awaiting an assigned estimate release.