It sounds like a good idea, and additional +1 that it doesn't break things.
On Tue, Dec 15, 2020 at 5:57 PM Matthias Dellweg <mdell...@redhat.com> wrote: > In today's pulpcore meeting, we discussed that any endpoint that is not > aware of RBAC yet will be open to every authenticated user. > > The suggestion that was given, is that we change that default. So all > endpoints will raise permission errors unless RBAC opens them up. > This would not affect any existing installation, where we only allowed the > use of a single admin user. And by circumventing the permission framework > this special user will remain to be able to talk to all available endpoints > without restrictions. > On the other hand it should smooth out the transition period until we have > RBAC in all places. Since you could start giving permissions to users for > viewsets that have an access_policy, while not risking to give them access > to other sensitive parts that don't have it yet. > > What do you all think? > _______________________________________________ > Pulp-dev mailing list > Pulp-dev@redhat.com > https://www.redhat.com/mailman/listinfo/pulp-dev >
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://www.redhat.com/mailman/listinfo/pulp-dev