You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recall that we don't have a plan for internal authz. So when I initially added the "internal API" user, I granted them all privileges by creating a built-in role assignment that grants this user the "fleet admin" role on the sole fleet.
After #1580, this no longer granted superuser privileges. The change in #1710 restores that previous behavior.
Longer term, of course we ought to have a plan for more restricted authz on the internal API.
Recall that we don't have a plan for internal authz. So when I initially added the "internal API" user, I granted them all privileges by creating a built-in role assignment that grants this user the "fleet admin" role on the sole fleet.
After #1580, this no longer granted superuser privileges. The change in #1710 restores that previous behavior.
Longer term, of course we ought to have a plan for more restricted authz on the internal API.
Originally posted by @davepacheco in #1710 (comment)
The text was updated successfully, but these errors were encountered: