You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you have a model you want to use roles for, you do permission_registry.register(MyModel).
However, some models you don't want roles for. A good example is Host from AWX. The model would, nonetheless, follow the general standards of "parent" resources in DAB RBAC. The parent of a Host object is its Inventory object. Any and all questions about access control for a host are deferred to its inventory. AWX covers this in various access logic.
This asks for a way to register a model, in that DAB RBAC will manage access control for it via its parent object, but will not track roles. Enforcing the rules will be done through API logic and utility methods (like the permission class and querysets), and no content will be put in the RoleEvaluation table for such models. This will offer much better performance than registering it as an ordinary model, because rebuilding entries in RoleEvaluation is unnecessary.
Total spitball:
permission_registry.lazy_register(Host)
The text was updated successfully, but these errors were encountered:
If you have a model you want to use roles for, you do
permission_registry.register(MyModel).However, some models you don't want roles for. A good example is
Hostfrom AWX. The model would, nonetheless, follow the general standards of "parent" resources in DAB RBAC. The parent of aHostobject is itsInventoryobject. Any and all questions about access control for a host are deferred to its inventory. AWX covers this in various access logic.This asks for a way to register a model, in that DAB RBAC will manage access control for it via its parent object, but will not track roles. Enforcing the rules will be done through API logic and utility methods (like the permission class and querysets), and no content will be put in the
RoleEvaluationtable for such models. This will offer much better performance than registering it as an ordinary model, because rebuilding entries inRoleEvaluationis unnecessary.Total spitball:
The text was updated successfully, but these errors were encountered: