RBAC plugin

[dasari008]

RBAC Policy to allow every user read access does not work

I have installed the RBAC plugin and defined a default policy using a csv file. I'm not quite familiar with Casbin rule format but i think the policy i have defined here states that i want to allow every user the read action for the catalog-entity read resource.

p, *, catalog-entity, read, allow

Expected Behavior

The permission catalog-entity.read is denied for the user user:default/<my-username>

What are the steps to reproduce this bug?

Install the rbac backend plugin and set the policy as defined above in a csv file.

The app-config.local yaml file

permission:
   enabled: true
   rbac:
     pluginsWithPermissions:
        - catalog
        - scaffolder
        - permission
     policies-csv-file:  <absolute-path-of-the-csv-file-where-the-policy-is-defined>
     admin:
        superUsers:
           -name:  user:default/<some-other-username>

Versions of software used and environment

Local development
Node 18
Backstage version 1.29

[PatAKnight]

Sorry, we do not have support for wildcards at the moment. To be able to add the permission catalog.entity.read to your user user:default/<my-username>, you will need to create a role that can then be added to that permission.

g, user:default/<my-username>, role:default/some-role
p, role:default/some-role, catalog-entity, read, allow

Some more examples can be found here

[dasari008]

@PatAKnight No issues and thanks for letting me know. The issue is that assigning individual users to a role is very tiresome process when we have thousands of users. I see this issue here is what i'm also looking for. Hopefully we will have this feature in the future.