Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Grant-based role end-to-end tutorial #133

Closed
jamiewhths opened this issue Oct 3, 2024 · 3 comments
Closed

Grant-based role end-to-end tutorial #133

jamiewhths opened this issue Oct 3, 2024 · 3 comments
Assignees
Milestone

Comments

@jamiewhths
Copy link
Contributor

jamiewhths commented Oct 3, 2024

  • Getting roles
  • Creating a role (with parameters, database-level permissions, resource grants + optional resource grants)
  • Assigning a user to the new role (with the parameter value assignment + optional resource grant assignment)
  • Getting users/user role assignment
  • Bulk user assignment (adding multiple users/updating role assignments/deactivating users/removing users)
@nickdickinson
Copy link
Collaborator

nickdickinson commented Nov 6, 2024

Add helper:

  • getDatabaseRoles(databaseId)

@nickdickinson
Copy link
Collaborator

Remaining to be added to the tutorial:

  • Bulk user assignment

@jamiewhths
Copy link
Contributor Author

For bulk user assignment, take the same "small example" approach as Eliza's R examples, but with the following scenarios:

  • Adding multiple users with the same role assignment, maybe with the parameter value different for each user (e.g. everyone is Data Entry role but with different reporting partners)
  • Updating role assignments (when users were previously added, moving a batch of those users to a new role assignment) (maybe keeping the parameter values that were previously assigned -- e.g. move a group of Data Entry users with reporting partners to Supervisor roles with the same reporting partner)
  • Deactivating users: to "deactivate" a user means to remove access to any database resources, while keeping them on the invited database users list. This is important for record auditing to maintain the user name/email, but we exclude users who have no grants on a database from billing evaluation on database. To "deactivate", create role with no grants and assign to user.
  • Removing users: removing the user from the list of invited database users (this fully removes them from the database)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants