Hello here, we successfully enabled

OIDC

authentication for the Datahub frontend using OKTA as identity provider. We’d also like to take full advantage of the fine-grained authorization layer in Datahub by creating a set of policies to tailor different access privileges to different user groups. While this already works alright, it would be nice if this initial policy creation could be handled when bootstrapping the frontend. The use case is to eliminate the need for this manual step upon creating a new environment and use a git-flow in order to manage the policies. This would improve environment reproducibility and make testing and change management easier. I’m not sure if such a feature is already implemented or planned. I found no docs around it and that’s the reason of my question 🙂 Thanks!

Hey hey! You can actually add bootstrapped policies by changing the file

policies.json

which contains policies that are loaded up into DataHub when it is deployed!

Hi John, yes thank you! this is more or less what I was looking for. And ideally it would also be supported by the helm charts 😉

Haha! That's @early-lamp-41924’s department 😉

Hi folks! I’ve migrated this over to our new feature request portal - https://feature-requests.datahubproject.io/b/User-Experience/p/rbac-policy-creation-with-oidc Please upvote/add additional context/subscribe for updates there!

sounds great!

@breezy-guitar-97226 @early-lamp-41924 I had a quick look at this since I am facing the same problem: I would like to deploy the frontend with a pre-made

policies.json

, and without having to build my own frontend. To me, it is silly having to build a component when I only want to change its configuration. I'm not super experienced when it comes to UIs and webapps, but I think it is something common (to have to rebuild...). I know it's easy enough with

helm

to "inject" a config file using a

configmap

, but that only works if the component can load that external file a boot time. Do you guys think it would be feasible?