Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better scope identities permissions #523

Closed
wants to merge 2 commits into from
Closed

Better scope identities permissions #523

wants to merge 2 commits into from

Conversation

april
Copy link
Contributor

@april april commented Oct 29, 2020

Update the identities permissions to allow LDAP to update the LDAP identities.

@april april requested review from fiji-flo and gene1wood October 29, 2020 18:22
@april
Copy link
Contributor Author

april commented Oct 29, 2020

I would note that the current set of published rules:

https://auth.mozilla.com/.well-known/mozilla-iam-publisher-rules

Allow mozilliansorg to set SSH/PGP keys on creation, but I'm pretty sure that is wrong? Is that indeed wrong, @fiji-flo?

@floatingatoll floatingatoll mentioned this pull request Jul 27, 2021
Draft
3 tasks
@floatingatoll
Copy link
Contributor

Thank you for the time put into this for us, I really appreciate it.

Work continues in #537.

floatingatoll added a commit that referenced this pull request Jul 27, 2021
@floatingatoll
Update identities in publisher rules to be more scoped
ca6d7d7 
This set of changes realigns the permissions granted to LDAP and
DinoPark with the capabilities present and used in production today.
(For example, DinoPark has no UI to modify SSH or PGP keys.)

These were prepared in #523 to allow LDAP to update LDAP keys that can't
be set by any other CIS integration, and this commit contains that work.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@april @floatingatoll