Hello again, so I'm having a bit of trouble with set...
# all-things-deployment
m
Hello again, so I'm having a bit of trouble with setting a correct role and defining the correct policies for some users. In my case, I have a user, let's call him user A. This user A initially has the reader role (which only lets him see the datasets and the glossary; he isn't allowed to see the ingestion, users & groups and permissions tabs). Later on I created some policies (with the root user, as with user A I didn't have enough privileges) over a domain to check if I was able to restrict the people that would be able to see it. After creating the policies, I logged in again with user A. To my surprise, I was able to see the ingestion, users & groups and permissions tabs, which I wasn't able to see when the role changes took effect. Can anyone explain why this strange behaviour might be happening?
Could it be a problem of priorities with the default policy called "*All Users - All Platform Privileges*"? I forgot to mention that after all of that I altered the behaviour of that policy in order to make it more restrictive. I have disabled it and now user A can again see only the basic tabs (not the ingestion or users & groups ones).
i
Without seeing exactly what policies were created by the root user and the changes made to the default policy, I would guess the issue was around the latter.
"All Users - All Platform Privileges" basically grants root permissions to all users, so it needs to be disabled in scenarios such as yours. You will be better served by creating a new set of policies tailored to your locked-down use case.
m
If I recall correctly, the changes were basically erasing the "General Personal Access Token" and "Manage Users & Groups".
I also think creating my own policies would be a better workaround, since the default ones are too general. Thanks for the help!