github-starred/komodo
2
0
Fork 1
mirror of https://github.com/moghtech/komodo.git synced 2026-04-30 14:25:22 -05:00
Code Issues 3.1k Packages Projects Releases 103 Wiki Activity

update specific permission in docs

Browse Source
This commit is contained in:
mbecker20
2025-05-30 16:58:28 -04:00
parent 6d6acdbc0b
commit 1278c62859
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docsite/docs/permissioning.md
View File

@@ -29,17 +29,19 @@ Permission levels alone are not quite enough to provide granular access control.
Some features are additionally gated behind a specific permission for that feature. Some features are additionally gated behind a specific permission for that feature.
- **`Logs`**: User can retrieve docker / docker compose logs on the associated resource. - **`Logs`**: User can retrieve docker / docker compose logs on the associated resource.
- Valid on `Server`, `Stack`, `Deployment` - Valid on `Server`, `Stack`, `Deployment`.
- For admins wanting this permission by default for all users with read permissions, see below on default user groups. - For admins wanting this permission by default for all users with read permissions, see below on default user groups.
- **`Inspect`**: User can "inspect" docker resources (like containers) on the `Server` - **`Inspect`**: User can "inspect" docker containers.
- Access to this api will expose all container environments on the given server, and can easily lead to secrets being leaked to unintended users if not protected. - Valid on `Server`, `Stack`, `Deployment`.
- **On Servers**: Access to this api will expose all container environments on the given server,
and can easily lead to secrets being leaked to unintended users if not protected.
- **`Terminal`**: User can access the associated resource's terminal. - **`Terminal`**: User can access the associated resource's terminal.
- If given on a `Server`, this allows server level terminal access. - If given on a `Server`, this allows server level terminal access, and all container exec priviledges (Including attached `Stacks` / `Deployments`).
- If given on a `Stack` or `Deployment`, this allows container exec terminal (even without `Terminal` on `Server`) - If given on a `Stack` or `Deployment`, this allows container exec terminal (even without `Terminal` on `Server`).
- **`Attach`**: User can "attach" *other resources* to the resource. - **`Attach`**: User can "attach" *other resources* to the resource.
- If given on a `Server`, allows users to attach `Stacks` and `Deployments` - If given on a `Server`, allows users to attach `Stacks`, `Deployments`, `Repos`, and `Builders`.
- If given on a `Builder`, allows users to attach `Builds` - If given on a `Builder`, allows users to attach `Builds`.
- **`Processes`**: User can retrieve the full running process list on the `Server` - **`Processes`**: User can retrieve the full running process list on the `Server`.
## Permissioning by Resource Type ## Permissioning by Resource Type