
Frequently Asked Questions (FAQ)

  • Q: Are there permissions that do not cascade down the group hierarchy?
  • Q: How do we define the scope of a permission? (hierarchical?)
  • Q: What is the unique identifier for each security principal across service boundaries? (e.g. bigint, ulid, uuid, email)
  • Q: What permissions does each of the standard roles have today?
  • Q: How does a permission cascade down a group hierarchy?
Organization
  Group A
    * Roles
      * Developer
      * Maintainer
      * Custom A
        * base: developer
        * permissions:
          * admin_vulnerability: true
            * read_vulnerability: true (implicitly)
      * Custom B
        * base: maintainer
        * permissions:
          * Doesn't really matter because Maintainer has all the permissions available via a custom role. <- Fact check this
    Group Aa
      Project Aa1
      Project Aa2
    Group Aaa
      Project Aaa1
      Project Aaa2
  • Q: If a user has a membership at Group A, do the permissions associated with that membership cascade down to Group Aa and Group Aaa?