GitHub user mitchell852 commented on a diff in the pull request:

    https://github.com/apache/incubator-trafficcontrol/pull/435#discussion_r114385140

    --- Diff: traffic_ops/app/db/seeds.sql ---
    @@ -22,6 +22,257 @@ insert into role (id, name, description, priv_level) 
values (5, 'portal', 'Porta
     insert into role (id, name, description, priv_level) values (6, 
'migrations', 'database migrations user - DO NOT REMOVE', 20) ON CONFLICT DO 
NOTHING;
     insert into role (id, name, description, priv_level) values (7, 
'federation', 'Role for Secondary CZF', 15) ON CONFLICT DO NOTHING;
     insert into role (id, name, description, priv_level) values (8, 
'steering', 'Role for Steering Delivery Services', 15) ON CONFLICT DO NOTHING;
    +insert into role (id, name, description, priv_level) values (9, 'root', 
'Role for full capabilities - super-user ', 30) ON CONFLICT DO NOTHING;
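Review bot: On the added `root` insert, the hard-coded id 9 combined with ON CONFLICT DO NOTHING means that on a database where a role with id 9 (or any other conflicting key) already exists, this row is skipped silently and the pre-existing role keeps that id. If anything else in the seeds attaches capabilities by role id, the "full capabilities" grant would land on that unrelated role. Suggest naming the conflict target explicitly for this row and verifying after seeding that id 9 really is `root`. Also, the description string carries a trailing space ('super-user '), and unlike the `migrations` row it has no "DO NOT REMOVE" marker even though it is the super-user role.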
    --- End diff --
    
    If possible, I would like to leverage our existing roles to ease the 
migration from role-based auth (which the current UI uses) to 
role/capability-based auth (which the API will use). But, I would like to make 
some small changes like so:
    
    role name, priv level, capabilities
    
    admin, 100, "all" capability <-- this should satisfy your "root" role
    migrations, 80, TBD
    steering, 80, TBD
    federation, 80, TBD
    deploy, 80, TBD
    operations, 70, TBD
    read-only, 60, TBD
    tenant-admin, 50, TBD <-- new role
    tenant-read-only, 40, TBD <-- renamed from "portal"
    disallowed, 0, none
    
    Let me know what you think. I'm really trying to make sure the existing UI 
continues to function properly while we add roles/capabilities that the API can 
utilize.

