►
From YouTube: UX: RBAC permissions mapping exercise - CI/CD
Description
Daniel Mora from the Authentication and Authorization group syncs with the CI/CD UX designers to evaluate the permissions mapping effort done so far and investigate next steps to progress the RBAC project.
A
A
So
you
know
analytics
would
be
grouped
as
one
and
then
we
would
try
and
find
out
where
his
clusters
be
gone
to
what
is
a
container
industry
Etc,
so
that
was
the
first
pass
I
did
um
after
we
had
started.
Looking
at
some
of
this,
um
we
under
we
started
seeing
a
problem
where,
as
an
example
where,
if
I
were
to
look
at
a
individual
permission
called
view,
project
code
and
I
was
to
disable
this
permission.
A
So
what
I've
done
is
I've
gone
through
and
mapped
all
of
the
permissions
to
try
and
see
if
I
could
find
these
sorts
of
mappings
and
tied
to
this
issue.
Specifically,
the
devs
are
looking
at
consolidating
this
permission
to
view
Pipeline
and
view
pipeline
details
so
that,
instead
of
it
being
two
permissions,
it's
just
one
um
kind
of
like
consolidating
line
items
here
in
this
table
or
the
same
thing
here.
A
The
idea
is
that,
if
we're
going
to
move
forward
with
um
having
a
prototype
where
an
admin
can
go
and
toggle
individual
features,
if
we
try
and
minimize
this
complexity,
um
that
can
help
on
the
back
end
with
the
problem
that
they
describe
here,
that
um
they
would
have
uh
there
wouldn't
be
a
need
for
overlapping
or
redundant
permission.
So,
in
the
case
of
here
they
have
the
same
access
level.
A
um
We
wouldn't
be
um
less
confusion
here
and
then
uh
it
would
make
things
easier
to
undo
or
to
make
changes
within
the
the
code
base,
without
being
so
catastrophic
towards
like
if
you
allow
something
that
they
shouldn't
have
access
to,
they
wouldn't
necessarily
cause
any
sort
of
negative
impact
in
the
in
that
sort
of
permission.
If
you
were
to
enable
that
permission
right,
so
the
reason
I
need
you
all
to
to
sync
with
me
today
is
to
kind
of
go
over.
B
A
So
the
idea
would
be
specifically
in
this
case,
where
view
pipeline
page
and
view
pipeline
Details
page.
The
question
presents
itself:
why
are
these
separate?
What
is
the
use
case
or
the
job
to
be
done
to
have
them
individual,
independent
permissions,
and
so,
if
there
isn't
a
real,
realistic
or
definitive
purpose
for
them
being
separate,
then
can
we
merge
those?
A
B
Got
it
so
one
thing
that
I
just
noticed
in
the
link
that
I
just
shared
uh
it's
just
your
list
of
permissions
which
are
specific
to
pipelines
on
the
dots
and
while
looking
at
this
table.
If
you
see
the
we
have
separated
out
view
pipeline,
detail,
speed
view
pipeline
page
and
view
pipeline
tab
in
Mr
and
when
I
kind
of
cross
checked
that
with
the
documentation
that
I
have
in
my
personal
Excel
sheet.
The
only
difference
that
I
see
between
um
accessing
the
pipeline
list
view
versus
the
pipeline.
B
So
that's
something
that
I
think
we
should
also
cross
check
with
the
team
if
there
is
a
possibility
to
consolidate
that
with
these
two
permissions
that
you
just
talked
about,
unless
there
is
a
very
compelling
case
of
not
allowing
guests
to
visit
that
particular
job
in
a
mode
request,
but
at
the
same
time
be
able
to
look
at
the
pipeline
list.
View.
A
Well
so
one
thing
I
guess
I
should
probably
clarify-
is
that
this
change
doesn't
necessarily
have
any
reflection
on
guest
reporter
developer
maintainer
owner.
The
idea
being
is
that
as
an
admin,
I
can
then
customize
all
of
these
to
offer
those
individual
permissions.
So
if
a
guest
only
had
access
to
one
particular
permission,
I
could
then
enable
that
they
would
no
longer
be
a
guest,
so
any
sort
of
restriction
that
you're
seeing
by
a
non-member
or
a
guest
not
having
access
to
that
doesn't
necessarily
play
into
this
particular
problem.
A
I,
don't
think,
okay,
apart
from
what
do
they
have
currently
and
can
I
enable
or
disable
that
um
the
idea
being
that
an
admin
would
then
give
custom
feature
custom
access
to
something
the
impetus
for
the
project
is
our
permissions
are
either
too
permissive
or
too
restrictive.
So
if
somebody
can
come
in
here
and
say,
I
want
a
guest
role
but
I'm
going
to
also
give
them
permission
to
run
a
pipeline
and
then
disable
all
the
other
things
that
could
be
possible.
A
B
Right
in
that
case,
I
think
it
definitely
makes
a
lot
of
sense
to
kind
of
treat
the
pipeline
tab
in
merge
request
the
same
way
as
we
treat
list
view.
The
only
thing
uh
that
I
don't
think
I
have
the
I
have
complete
knowledge
to
comment
on
is
uh
how
that
plays
with
the
access
to
merge
request
page
because,
eventually,
like
the
same
pipelines,
are
also
going
to
appear
on
the
python
list
view.
B
A
Yeah
I
guess
that's
also
something
where
I
was
looking
for.
Your
knowledge
is
that
so,
as
it's
grouped
so
far,
we're
just
looking
at
this
CI
CD
screen,
but
it
doesn't
necessarily
just
stop
there
right.
So
it
touches
merger
quests,
and
you
know,
parts
of
the
repo
right.
So
are
there
connections
there
that
I'm
not
linking
correctly
because
they're
in
these
little
boxes
right?
Should
this
be
a
more
um
connected
prototype
or
not
prototype
but
um
connected
um
mapping?
Here.
B
A
C
A
B
B
A
C
B
C
B
C
C
B
B
A
C
A
A
uh
And
that's
kind
of
what
I'm
also
curious
is,
if
you
were
to
disable
that
what
does
it
look
like
from
the
UI
that
basically
just
disappears
these?
Can
these
navigation
items
I?
Guess
that's
how
we
are
handling
thing
right
now,
I
mean
with
just
basic
permissions
right.
If
you
just
don't
have
access,
nothing
will
appear
right.
This
tab
would
go
away
yeah.
B
A
B
B
A
C
A
A
A
B
A
A
A
C
B
B
A
B
A
A
C
One
other
thing
to
to
throw
in
there:
it's
not
fully
live,
yet
it's
only
enabled
for
this
project
for
git
lab
projects.
But
if
you
go
to
CI
CD,
we
also
have
artifacts
now,
and
that
depends
on
jobs
and
Pipelines.
So
it's
like
the
way
that
we
think
I
was
just
saying.
If,
if
you
don't
have
access
to
a
pipeline,
you
don't
have
access
to
the
jobs,
then
you
also
won't
have
access
to
the
artifacts.
A
A
uh
Yeah
so
like
I
think
that's
my
my
ask
for
the
team.
Is
that
just
double
check
what
I
have
so
far
and
make
new
links
or
break
links,
as
you
see
um
relevant
to
your
group
and
then
also
just
you
know,
feel
free
to
note
or
call
out
anything
that
might
be
weird
or
problematic,
and
we
can
talk
about
it.
Async
and,
like
I,
said
I'm
also
going
to
pass
this
through
with
the
devs.
So
they
can
see
um
what
we're
talking
about
in
our
concerns.