github-starred/komodo
2
0
Fork 0
mirror of https://github.com/moghtech/komodo.git synced 2025-12-05 19:17:36 -06:00
Code Issues 258 Packages Projects Releases 10 Wiki Activity

update specific permission in docs

Browse Source
This commit is contained in:
mbecker20
2025-05-30 16:58:28 -04:00
parent 6d6acdbc0b
commit 1278c62859
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docsite/docs/permissioning.md
View File

@@ -29,17 +29,19 @@ Permission levels alone are not quite enough to provide granular access control.
Some features are additionally gated behind a specific permission for that feature.
- **`Logs`**: User can retrieve docker / docker compose logs on the associated resource.
- Valid on `Server`, `Stack`, `Deployment`
- Valid on `Server`, `Stack`, `Deployment`.
- For admins wanting this permission by default for all users with read permissions, see below on default user groups.
- **`Inspect`**: User can "inspect" docker resources (like containers) on the `Server`
- Access to this api will expose all container environments on the given server, and can easily lead to secrets being leaked to unintended users if not protected.
- **`Inspect`**: User can "inspect" docker containers.
- Valid on `Server`, `Stack`, `Deployment`.
- **On Servers**: Access to this api will expose all container environments on the given server,
and can easily lead to secrets being leaked to unintended users if not protected.
- **`Terminal`**: User can access the associated resource's terminal.
- If given on a `Server`, this allows server level terminal access.
- If given on a `Stack` or `Deployment`, this allows container exec terminal (even without `Terminal` on `Server`)
- If given on a `Server`, this allows server level terminal access, and all container exec priviledges (Including attached `Stacks` / `Deployments`).
- If given on a `Stack` or `Deployment`, this allows container exec terminal (even without `Terminal` on `Server`).
- **`Attach`**: User can "attach" *other resources* to the resource.
- If given on a `Server`, allows users to attach `Stacks` and `Deployments`
- If given on a `Builder`, allows users to attach `Builds`
- **`Processes`**: User can retrieve the full running process list on the `Server`
- If given on a `Server`, allows users to attach `Stacks`, `Deployments`, `Repos`, and `Builders`.
- If given on a `Builder`, allows users to attach `Builds`.
- **`Processes`**: User can retrieve the full running process list on the `Server`.
## Permissioning by Resource Type