blob: 8e73beb241a26c500a4f83b972a9043397da5966
# Frequently Asked Questions (FAQ)
* Q: Are there permissions that do not cascade down the group hierarchy?
* Q: How do we define the scope of a permission? (hierarchical?)
* Q: What is the unique identifier for each security principal across service boundaries? (e.g. bigint, ulid, uuid, email)
* Q: What permissions does each of the standard roles have today?
* Q: How does a permission cascade down a group hierarchy?
```
Organization
  Group A
    * Roles
      * Developer
      * Maintainer
      * Custom A
        * base: developer
        * permissions:
          * admin_vulnerability: true
          * read_vulnerability: true (implicitly)
      * Custom B
        * base: maintainer
        * permissions:
          * Doesn't really matter because Maintainer has all the permissions available via a custom role. <- Fact check this
    Group Aa
      Project Aa1
      Project Aa2
      Group Aaa
        Project Aaa1
        Project Aaa2
```
* Q: If a user has a membership at `Group A`, do the permissions associated with that membership cascade down to `Group Aa` and `Group Aaa`?