Allow user impersonation to quickly try out other roles #1012
Labels
backend
Issues related to the backend.
enhancement
New feature or request.
ui
Issues related to the UI.
Comments
sschuberth
added
enhancement
|
When implementing #1031 I noticed that as they are, the permissions are already "too wide": giving a user READERS rights to an organization allows the user to see all products under the org., and all repositories in all these products. Same goes for WRITERS and ADMINS rights: all access rights cascade down the entity tree, see my issue #1056, item 3. |
|
Keycloak has an impersonation feature: https://www.keycloak.org/docs/latest/server_admin/#con-user-impersonation_server_administration_guide |
It seems to be available in version 23.0.0 already, so that's good. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Before inviting new user or changing roles of a user, you want to be very sure to not accidentally grant to wide permissions. To double-check the planned roles to give, an "impersonation" feature would be great that allows to temporarily play "what if" by giving one's own user different roles to see the effect of the role change.
The text was updated successfully, but these errors were encountered: